nevisIDM Core REST API (v1)
Introduction
The nevisIDM Core REST API lets you query and manipulate the managed identity objects in nevisIDM through CRUD operations. CRUD stands for Creating, Reading, Updating and Deleting resources.
Relationships between two resources are defined by their external IDs. The only way to (re)define the relationship between two resources is through the nevisIDM REST API. That is, by object creation with POST calls, by assignment through PUT calls, and by unassignment through DELETE calls.
The nevisIDM REST API also provides access to the properties of the different objects. Properties are dynamic fields that contain additional, customer-specific information about an object.
Managed identity objects
The identity objects of nevisIDM look like this:
- Client
  - A nevisIDM instance may have one or more clients.
  - A client has zero or more users.
  - A client has zero or more applications.
  - A client has zero or more enterprise roles.
- User
  - A user is unique on a client level.
  - A user cannot be moved to another client.
  - A user has zero or more profiles.
  - A user has zero or more credentials.
  - A user has zero or more enterprise roles.
- Application
  - An application can belong to zero or more clients.
  - An application has zero or more roles.
- Role
  - A role is unique on a client level.
  - A role cannot be moved to another client or application.
- Enterprise role
  - An enterprise role is unique on a client level.
  - An enterprise role cannot be moved to another client.
  - An enterprise role has zero or more roles.
- Profile
  - A profile is unique on a client level.
  - A profile cannot be moved to another client.
  - A profile has zero or one unit.
  - In the object model, a profile is connected to a role through an authorization.
  - In the REST API, a profile is directly connected to zero or more roles.
  - In the REST API, a profile has zero or more authorizations.
- Unit
  - A unit is unique on a client level.
  - A unit cannot be moved to another client.
  - A unit has zero or one parent unit.
  - If a unit has no parent unit, it is considered a root unit.
  - There may be multiple root units.
Updating an object - optimistic locking
When using the PATCH request to modify an object, it is possible that the originator of the request accesses and updates stale data. This occurs when the same object is being updated by another originator at the same time. This may result in accidental overwriting of data.
To ensure data consistency, the version field of the objects can be used upon modifying data. It is set to default when an object is created, and it is incremented each time an object is modified.
When the version number is included in the body of the PATCH request, nevisIDM checks whether the version of the object being modified is up to date. If it is, the modification is stored. If it is not, an error message is returned with the status code 409 Conflict.
Example request body
When updating the application with the given external ID (PATCH):
- Request (application/json)
  Body
  {
    "extId": "1001",
    "version": 10,
    "name": "Confluence",
    "url": "www.newurl.com/confluence/"
  }
- Response 200
  If the application with extId 1001 has version 10.
- Response 409
  If the application with extId 1001 has a version other than 10.
  Body
  {
    "errors": [{
      "code": "errors.optimisticLockingFailure",
      "message": "Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect) : [ch.adnovum.nevisidm.service.dto.Application#1001]"
    }]
  }
Please note that if the version number is not included in the request body, the object will be modified regardless of its version. This may lead to inconsistent data.
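The following added example (not part of the nevisIDM documentation or code) shows the read, PATCH-with-version, re-read-on-409 loop and the silent overwrite that happens when the version is left out. `FakeApplicationStore` is a constructed in-memory stand-in that mimics only the version rules described above; `patch_with_version` and the demo functions are hypothetical names.

```python
import copy


class FakeApplicationStore:
    """Constructed in-memory stand-in; mimics only the documented version rules."""

    def __init__(self, application):
        self._app = copy.deepcopy(application)

    def get(self):
        return 200, copy.deepcopy(self._app)

    def patch(self, body):
        sent = body.get("version")
        if sent is not None and sent != self._app["version"]:
            return 409, {"errors": [{"code": "errors.optimisticLockingFailure"}]}
        for key, value in body.items():
            if value is not None and key not in ("extId", "version"):
                self._app[key] = value  # null values are ignored on PATCH
        self._app["version"] += 1  # every modification increments the version
        return 200, copy.deepcopy(self._app)


def is_locking_conflict(status, body):
    codes = [err.get("code") for err in body.get("errors", [])]
    return status == 409 and "errors.optimisticLockingFailure" in codes


def patch_with_version(store, make_changes, max_attempts=3):
    """Build the change from fresh state, send it with that state's version,
    and start over from a new read when the server answers 409."""
    for attempt in range(1, max_attempts + 1):
        _, current = store.get()
        body = dict(make_changes(current), version=current["version"])
        status, result = store.patch(body)
        if status == 200:
            return result, attempt
        if not is_locking_conflict(status, result):
            raise RuntimeError(f"unexpected status {status}")
    raise RuntimeError("gave up after repeated version conflicts")


# Values taken from the example request on this page.
SAMPLE_APP = {"extId": "1001", "version": 10, "name": "Confluence",
              "url": "www.example.com/confluence/"}


def demo_stale_write():
    """Writer A holds version 10 while writer B modifies the object."""
    store = FakeApplicationStore(SAMPLE_APP)
    _, stale = store.get()
    store.patch({"version": 10, "url": "www.newurl.com/confluence/"})  # writer B
    guarded_status, _ = store.patch({"version": stale["version"], "name": "Wiki"})
    unguarded_status, final = store.patch({"name": "Wiki"})  # no version: always applied
    return guarded_status, unguarded_status, final


def demo_retry():
    """A concurrent edit lands between the read and the first PATCH."""
    store = FakeApplicationStore(SAMPLE_APP)
    calls = {"n": 0}

    def changes(_current):
        calls["n"] += 1
        if calls["n"] == 1:
            store.patch({"description": "edited by someone else"})
        return {"url": "www.newurl.com/confluence/"}

    return patch_with_version(store, changes)


if __name__ == "__main__":
    print(demo_stale_write())
    print(demo_retry())
```
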
Pagination of result lists
When performing a GET request to retrieve a list of results, the result set can be limited in order to improve performance. By default, the number of results returned is set to 1000. To access the next page of results, a continuation token is used. The limit and/or continuation token are expected in the URL as query parameters.
Example of pagination
When sending a GET request to the following URL: https://your-host/nevisidm/api/core/v1/clients?limit=3
- Response 200 (application/json)
  Body
  {
    "items": [
      {
        "created": "2018-09-09T00:00:00Z",
        "lastModified": "2018-12-21T14:38:45Z",
        "version": 1,
        "extid": "1000",
        "name": "client1"
      },
      {
        "created": "2018-09-09T00:00:00Z",
        "lastModified": "2018-12-21T14:38:45Z",
        "version": 1,
        "extid": "1001",
        "name": "client2"
      },
      {
        "created": "2018-09-09T00:00:00Z",
        "lastModified": "2018-12-21T14:38:45Z",
        "version": 1,
        "extid": "1002",
        "name": "client3"
      }
    ],
    "_pagination": {
      "continuationToken": "1536444000000_1002",
      "limit": 3
    }
  }
The continuationToken in the response body can be used to retrieve the next set of results by including it in the URL: https://your-host/nevisidm/api/core/v1/clients?limit=3&continuationToken=1536444000000_1002
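An added sketch of a client-side pager for this scheme (not from the nevisIDM documentation). It treats the token as opaque, URL-encodes it, and bounds the loop. The stop condition (an empty `items` list or a missing token) is an assumption, since this page does not state how the last page is signalled; `fake_fetch` and `CLIENTS` are constructed stand-ins so the block runs offline.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

BASE_URL = "https://your-host/nevisidm/api/core/v1/clients"
# Constructed sample data: seven clients with extids 1000..1006.
CLIENTS = [{"extid": str(1000 + i), "name": f"client{i + 1}"} for i in range(7)]


def fake_fetch(url):
    """Constructed stand-in for an authenticated GET that returns parsed JSON."""
    query = parse_qs(urlsplit(url).query)
    limit = int(query["limit"][0])
    start = 0
    if "continuationToken" in query:
        last_extid = query["continuationToken"][0].split("_", 1)[1]
        start = [c["extid"] for c in CLIENTS].index(last_extid) + 1
    items = CLIENTS[start:start + limit]
    pagination = {"limit": limit}
    if items:
        pagination["continuationToken"] = f"1536444000000_{items[-1]['extid']}"
    return {"items": items, "_pagination": pagination}


def iter_items(fetch_json, base_url, limit=1000, max_pages=10_000):
    """Yield every item of a list resource by following continuation tokens."""
    token = None
    seen_tokens = set()
    for _ in range(max_pages):
        params = {"limit": limit}
        if token is not None:
            params["continuationToken"] = token  # opaque value, passed back unchanged
        page = fetch_json(f"{base_url}?{urlencode(params)}")
        items = page.get("items", [])
        yield from items
        token = page.get("_pagination", {}).get("continuationToken")
        if not items or token is None:  # assumed end-of-list signal
            return
        if token in seen_tokens:  # guard against a server that repeats a page
            raise RuntimeError("continuation token repeated")
        seen_tokens.add(token)
    raise RuntimeError("page budget exceeded")


def demo_pagination():
    urls = []

    def fetch(url):
        urls.append(url)
        return fake_fetch(url)

    return list(iter_items(fetch, BASE_URL, limit=3)), urls


if __name__ == "__main__":
    items, urls = demo_pagination()
    print(len(items), urls)
```
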
Information classification with the REST API – GDPR business case
The content of this section can also be found at:
NevisIDM Reference Guide - section “Appendix A - Use Cases” - “Information classification with the REST API – GDPR business case”
The General Data Protection Regulation (GDPR) is a regulation issued by the European Union to strengthen and unify data protection. The REST API of nevisIDM allows marking user-related data in order to classify information, as is required in the GDPR business case.
Configuration
Marking user-related data is possible through client policy configuration. The following is a sample configuration of the client policy:
data.classifications=[gov, sensitive, personal]
data.classifications.personal.user=[name.firstName, name.familyName, contacts.mobile]
data.classifications.sensitive.user=[birthDate]
data.classifications.gov.user=[languageCode]
data.classifications.personal.user.properties=[propertyName1, propertyName2]
data.classifications.personal.profile=[remarks, modificationComment]
data.classifications.gov.profile=[profileState]
data.classifications.personal.profile.properties=[propertyName1, propertyName2]
The customized classification levels are declared in the client policy configuration parameter data.classifications. The only limitation on the defined levels is that they have to match the following regular expression: [a-zA-Z0-9]+.
The declaration of fields occurs in line with the syntax data.classifications.<level>.<object>.
Before you use a classification (level), declare it in the client policy configuration parameter data.classifications first. Otherwise a validation error will occur. For example, the following client policy configuration will not be accepted:
data.classifications=[gov, sensitive, personal]
data.classifications.undefined.user=[name.firstName,name.familyName, contacts.mobile]
The validation of fields enforces the rule set of the object. Therefore, the validation does not accept any item that is not part of the object returned by the corresponding REST service. The supported objects are those of the user and profile. Moreover, user properties and profile properties can be classified as well. The validation is case sensitive and the hierarchical relationships among fields are enforced, too. Hence, the following scenarios would be rejected:
data.classifications.personal.user=[firstName, contacts.MOBILE]
data.classifications.sensitive.user=[randomName]
data.classifications.gov.user=[mobile]
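A pre-flight linter for these rules, added here as an example (it is not nevisIDM's validator). `USER_SCHEMA` follows the user DTO listed on this page; `PROFILE_SCHEMA` is an assumed subset taken from the sample policy. Further assumptions: only leaf paths are accepted, declaration order is not enforced, and property names are not checked.

```python
import re

LEVEL_RE = re.compile(r"[a-zA-Z0-9]+")  # level syntax stated on this page
# User fields as listed in the user DTO on this page (top-level name -> sub-fields).
USER_SCHEMA = {
    "extId": [], "clientExtId": [], "userState": [], "loginId": [],
    "languageCode": [], "isTechnicalUser": [], "sex": [], "gender": [],
    "birthDate": [], "remarks": [], "modificationComment": [], "version": [],
    "created": [], "lastModified": [],
    "name": ["title", "firstName", "familyName"],
    "address": ["countryCode", "city", "postalCode", "addressline1", "addressline2",
                "street", "houseNumber", "dwellingNumber", "postOfficeBoxText",
                "postOfficeBoxNumber"],
    "contacts": ["telephone", "telefax", "mobile", "email"],
    "validity": ["to", "from"],
}
# Assumption: only the profile fields that appear in the page's sample policy.
PROFILE_SCHEMA = {"remarks": [], "modificationComment": [], "profileState": []}


def leaf_paths(schema):
    paths = set()
    for field, children in schema.items():
        if children:
            paths.update(f"{field}.{child}" for child in children)
        else:
            paths.add(field)
    return paths


KNOWN = {"user": leaf_paths(USER_SCHEMA), "profile": leaf_paths(PROFILE_SCHEMA)}


def parse_entries(text):
    """Yield (line number, key parts after 'data.classifications', list items)."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        key, sep, value = raw.strip().partition("=")
        parts = key.strip().split(".")
        if not sep or parts[:2] != ["data", "classifications"]:
            continue  # blank line or unrelated policy parameter
        items = [v.strip() for v in value.strip().strip("[]").split(",") if v.strip()]
        yield lineno, parts[2:], items


def suggest(field, known):
    """Return a known path that differs only by case or by a missing parent."""
    for path in sorted(known):
        if path.lower() == field.lower() or path.rsplit(".", 1)[-1] == field:
            return path
    return None


def lint_policy(text):
    entries = list(parse_entries(text))
    declared = {lvl for _, rest, items in entries if not rest for lvl in items}
    errors = []
    for lineno, rest, items in entries:
        if not rest:  # the data.classifications=[...] declaration itself
            errors.extend(f"line {lineno}: invalid level name '{lvl}'"
                          for lvl in items if not LEVEL_RE.fullmatch(lvl))
            continue
        if len(rest) not in (2, 3) or rest[1] not in KNOWN or rest[2:] not in ([], ["properties"]):
            errors.append(f"line {lineno}: expected data.classifications.<level>.<object>")
            continue
        level, obj = rest[0], rest[1]
        if level not in declared:
            errors.append(f"line {lineno}: level '{level}' is not declared in data.classifications")
        if rest[2:] == ["properties"]:
            continue  # property names are customer-specific; not checked here
        for field in items:
            if field not in KNOWN[obj]:  # case-sensitive, full dotted path required
                hint = suggest(field, KNOWN[obj])
                tail = f" (did you mean '{hint}'?)" if hint else ""
                errors.append(f"line {lineno}: '{field}' is not a {obj} field{tail}")
    return errors


VALID_POLICY = """\
data.classifications=[gov, sensitive, personal]
data.classifications.personal.user=[name.firstName, name.familyName, contacts.mobile]
data.classifications.sensitive.user=[birthDate]
data.classifications.gov.user=[languageCode]
data.classifications.personal.user.properties=[propertyName1, propertyName2]
data.classifications.personal.profile=[remarks, modificationComment]
data.classifications.gov.profile=[profileState]
data.classifications.personal.profile.properties=[propertyName1, propertyName2]
"""
UNDECLARED_LEVEL = """\
data.classifications=[gov, sensitive, personal]
data.classifications.undefined.user=[name.firstName,name.familyName, contacts.mobile]
"""
REJECTED_FIELDS = """\
data.classifications=[gov, sensitive, personal]
data.classifications.personal.user=[firstName, contacts.MOBILE]
data.classifications.sensitive.user=[randomName]
data.classifications.gov.user=[mobile]
"""
```

`REJECTED_FIELDS` prepends a declaration line (constructed) to the three rejected lines above so that only the field errors are reported.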
REST response format
The following responses are only returned in the format shown below if you have configured an applicable client policy.
When querying a single user:
//GET /users/12345
{
"extId": "12345",
"name": {
"firstName": "Maria",
"lastName": "Meier"
},
"_classifications": {
"personal": ["name.firstName", "birthDate", "contacts.mobile"],
"sensitive": ["birthDate"],
"gov": ["language"]
}
}
When querying a list of users:
//GET /clients/{extId}/users/
{
"items": [
{
"extId": "12345",
"name": {
"firstName": "Maria",
"lastName": "Meier"
}
}
],
"_classifications": {
"personal": ["name.firstName", "name.familyName", "contacts.mobile"],
"sensitive": ["birthDate"],
"gov": ["languageCode"]
}
}
When querying properties:
//GET /{clientExtId}/profiles/{extId}/properties/
{
"propertyName1": "value1",
"propertyName2": "value2",
"propertyNameN": "valueN",
"_classifications": {
"personal": ["propertyName1", "propertyName2"]
}
}
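One way a consumer can act on `_classifications`, for instance to mask classified values before a response is written to a log. This is an added example, not nevisIDM code; the function names and the mask string are hypothetical. It also reports the fields no classification covers, which masking by classification will not catch.

```python
import copy

MASK = "***"


def targets_of(body):
    """List responses carry the objects under 'items'; single responses are the object."""
    items = body.get("items")
    return items if isinstance(items, list) else [body]


def mask_path(obj, dotted):
    if dotted in obj:  # flat key, e.g. a property name
        obj[dotted] = MASK
        return
    node = obj
    *parents, leaf = dotted.split(".")
    for key in parents:
        node = node.get(key)
        if not isinstance(node, dict):
            return  # classified path is not present in this response
    if leaf in node:
        node[leaf] = MASK


def redact(response, levels):
    """Return a copy with every field classified under one of `levels` masked."""
    body = copy.deepcopy(response)
    classes = body.get("_classifications", {})
    paths = sorted({p for level in levels for p in classes.get(level, [])})
    for target in targets_of(body):
        for path in paths:
            mask_path(target, path)
    return body


def leaf_paths(obj, prefix=""):
    for key, value in obj.items():
        if key == "_classifications":
            continue
        if isinstance(value, dict):
            yield from leaf_paths(value, f"{prefix}{key}.")
        else:
            yield f"{prefix}{key}"


def unclassified_fields(response):
    """Fields present in the response that no classification level mentions."""
    classified = {p for paths in response.get("_classifications", {}).values() for p in paths}
    found = set()
    for target in targets_of(response):
        found.update(p for p in leaf_paths(target) if p not in classified)
    return sorted(found)


# The three sample responses from this page.
SINGLE_USER = {
    "extId": "12345",
    "name": {"firstName": "Maria", "lastName": "Meier"},
    "_classifications": {
        "personal": ["name.firstName", "birthDate", "contacts.mobile"],
        "sensitive": ["birthDate"],
        "gov": ["language"],
    },
}
USER_LIST = {
    "items": [{"extId": "12345", "name": {"firstName": "Maria", "lastName": "Meier"}}],
    "_classifications": {
        "personal": ["name.firstName", "name.familyName", "contacts.mobile"],
        "sensitive": ["birthDate"],
        "gov": ["languageCode"],
    },
}
PROPERTIES = {
    "propertyName1": "value1",
    "propertyName2": "value2",
    "propertyNameN": "valueN",
    "_classifications": {"personal": ["propertyName1", "propertyName2"]},
}

if __name__ == "__main__":
    print(redact(SINGLE_USER, ["personal"]))
    print(unclassified_fields(SINGLE_USER))
```
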
Tags
New calls are annotated with the nevisIDM version from which they are available.
Calls that can be used for self-administration are marked with the SELFADMIN tag. A self-administration call sent by a user to view or modify his own data only requires the permission AccessControl.SelfAdmin. However, if someone other than the user wants to modify the data of this user, other permissions are required, such as AccessControl.UserView or AccessControl.UserDelete. For more details, see the chapters that describe the relevant services.
Calls that can no longer be used are marked with the DEPRECATED tag.
Common errors
HTTP response codes
The following common error codes are available:
- 401 - The caller user is unauthorized (not logged in).
- 403 - The caller user has no right to access the target data room or entity type.
- 404 - There is no entity with the external ID set in the request URI (the requested entity could not be found).
- 409 - The request could not be completed due to a conflict with the current state of the target resource. For example, the target resource may have been modified concurrently.
- 422 - The request format is valid, but the values are violating business rules. For example, a mandatory value is missing, a read-only value has been changed, or a value represents an invalid state. This error code always refers to business errors.
- 500 - A technical, non-business-related error has occurred on the server side.
HTTP response object
In case of error, a JSON object is returned with the following content:
- errorCode - A unique and short identifier of the error (string).
- message - A short textual description of the error (string).
Important notes
- The nevisIDM REST API is an individual API. Its versioning is independent from other APIs.
- You must be logged in to be able to use the nevisIDM REST API.
- The data room concept is valid for this API (see the nevisIDM reference guide, chapter “Authorization in nevisIDM”). This means that you might receive different result sets and might be able to create or modify different resources than another caller, depending on the nevisIDM roles assigned to you.
- All data that goes through the REST API is validated on the server side before processing. It is important, however, that you validate the data on the client side as well.
- Note that the received data does not necessarily represent the full object model of the nevisIDM web application. This is because not all fields of an object are exposed.
- When you use PATCH to update resources with the API, all “null” values are ignored. Note that for some fields you cannot set the attributes back to “empty”.
Clients
Clients represent “virtual organizations” or tenants. In some cases, our customers want to handle different organizations separately. Consider for example the customer McDanold’s, a fake fast food restaurant. This customer is present in different markets: EMEA, ASPAC and AMERICAS. The organizations in the different markets have to fulfil different legal obligations (for example, different policies for credentials), may have unique organizational structures, use different devices and software, and so on. Thus, it makes sense to handle each market separately. Another customer, a holding, owns companies in different industries with different profiles. Governmental customers may need separate clients for different departments (e.g., police, fire and immigration).
Clients can have zero to many users, applications, enterprise roles, units and policies. All resources, except for applications, cannot exist without a client. Thus, it is not possible to unassign the resources from the client, nor is it possible to reassign them to other clients.
The REST API only supports the reading of clients. The creation, modification and deletion of clients is not supported.
Note that the unassignment of an application from a client makes the application inaccessible for all users of the client.
Client
The client DTO has the following fields:
- extId - External ID of the client. Can only be set on creation.
- name - Internal name of the client (string).
- displayName - Language-dependent name of the client (object).
  - EN - Client name in English (string).
  - DE - Client name in German (string).
  - FR - Client name in French (string).
  - IT - Client name in Italian (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (read-only string).
User
The user DTO has the following fields:
- extId - The external ID of the user. Can only be set on creation.
- clientExtId - The external ID of the client the user belongs to (string).
- userState - The state of the user (string).
- loginId - The login ID (username) of the user (string).
- languageCode - The default language of the user (string).
- isTechnicalUser - Determines whether the user is a regular user like a real person, or a technical user like another software (boolean).
- name - The name of the user (object).
  - title - The title of the user (string).
  - firstName - The first name of the user (string).
  - familyName - The last name of the user (string).
- sex - The biological sex of the user. This is not the same as legal gender (string).
- gender - The gender of the user. Possible values are ‘female’, ‘male’ and ‘other’ (Note: The gender value ‘other’ is only supported if the policy ‘application.feature.othergender.enabled’ is enabled for the client of the user.) (string).
- birthDate - The user’s date of birth in ISO format (string).
- address - The address of the user (object).
  - countryCode - The ISO country code of the user (string).
  - city - The city where the user lives (string).
  - postalCode - The postal code (or ZIP code) of the user (string).
  - addressline1 - Free text for supplementary address information (string).
  - addressline2 - Free text for supplementary address information (string).
  - street - The street of the user (string).
  - houseNumber - The house number of the user (string).
  - dwellingNumber - The dwelling number (string). This number is relevant in combination with the user’s house number.
  - postOfficeBoxText - Describes the term “post box” according to the accepted form in the given country (string).
  - postOfficeBoxNumber - The number of the post box (number).
- contacts - Telephone numbers and e-mail addresses on which the user can be contacted (object).
  - telephone - The number of the user’s landline (string).
  - telefax - The fax number of the user (string).
  - mobile - The cellphone number of the user (string).
  - email - The e-mail address of the user (string).
- validity - The validity period of the user entity (object).
  - to - The end date of the user’s validity period in ISO format (string).
  - from - The start date of the user’s validity period in ISO format (string).
- remarks - General textual remark about the user (string).
- modificationComment - Textual comment on the last modification (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (string).
Application
The application DTO has the following fields:
- extId - External ID of the application (read-only string).
- name - Internal name of the application (string).
- description - Textual description of the application (string).
- url - URL of the application.
- displayed - Determines whether the application must be displayed on nevisPortal (boolean).
- displayName - Language-dependent name of the application (object).
  - EN - Application name in English (string).
  - DE - Application name in German (string).
  - FR - Application name in French (string).
  - IT - Application name in Italian (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (read-only string).
Enterprise Role
The enterprise role DTO has the following fields:
- extId - The external ID of the enterprise role (string).
- clientExtId - The external ID of the client to which the enterprise role belongs (string).
- name - The name of the enterprise role (string).
- description - The textual description of the enterprise role (string).
- displayName - The language-dependent name of the enterprise role (object).
  - EN - The enterprise role name in English (string).
  - DE - The enterprise role name in German (string).
  - FR - The enterprise role name in French (string).
  - IT - The enterprise role name in Italian (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (string).
- lastModified - The date when the entity was last modified (string).
Clients
Get clients
GET /clients
Returns all clients in the system.
Required permissions
AccessControl.ClientView
Example URI
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extId": "1001",
"name": "McDanold's ASPAC",
"displayName": {
"EN": "McDanold's ASPAC",
"DE": "McDanold's ASPAC",
"FR": "McDanold's ASPAC",
"IT": "McDanold's ASPAC"
},
"version": 2,
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z"
},
{
"extId": "1000",
"name": "McDanold's EMEA",
"displayName": {
"EN": "McDanold's EMEA",
"DE": "McDanold's EMEA",
"FR": "McDanold's EMEA",
"IT": "McDanold's EMEA"
},
"version": 0,
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z"
}
],
"_pagination": {
"continuationToken": "1502928000_1000",
"limit": 1000
}
}
Client
Get client
GET /clients/{extId}
Returns the client with the given external ID.
Required permissions
AccessControl.ClientView
Example URI
- extId (string, required) Example: 1000. ExtID of the client.
200
Headers
Content-Type: application/json
Body
{
"extId": "1000",
"name": "McDanold's EMEA",
"displayName": {
"EN": "McDanold's EMEA",
"DE": "McDanold's EMEA",
"FR": "McDanold's EMEA",
"IT": "McDanold's EMEA"
},
"version": 0,
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z"
}
Client users
Get client users
GET /clients/{extId}/users
Returns all users of the client with the given external ID.
Required permissions
AccessControl.ClientView, AccessControl.UserView
Example URI
- extId (string, required) Example: 1000. ExtID of the client.
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extId": "12314wsss",
"clientExtId": "1000",
"userState": "active",
"version": 0,
"loginId": "testUser",
"languageCode": "en",
"isTechnicalUser": false,
"name": {
"title": "Mr.",
"firstName": "John",
"familyName": "Doe"
},
"sex": "male",
"birthDate": "1969-04-12",
"address": {
"countryCode": "ch",
"city": "Zurich",
"postalCode": "123414",
"addressline1": "PostBox 1241",
"addressline2": "Company XYZ",
"street": "Poststreet",
"houseNumber": "12",
"dwellingNumber": "102B",
"postOfficeBoxText": "PostBox",
"postOfficeBoxNumber": 1241
},
"contacts": {
"telephone": "+41781254153",
"telefax": "+41781254154",
"mobile": "+41781254156",
"email": "john.doe@adnovum.ch"
},
"validity": {
"from": "2016-12-31T12:00:00Z",
"to": "2022-01-01T12:00:00Z"
},
"remarks": "This is test user john doe",
"modificationComment": "Adjusted his address",
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z"
},
{
"extId": "12314abc",
"clientExtId": "1000",
"userState": "active",
"version": 0,
"loginId": "testUser2",
"languageCode": "en",
"isTechnicalUser": false,
"name": {
"title": "Mr.",
"firstName": "Peter",
"familyName": "Doe"
},
"sex": "male",
"birthDate": "1969-04-12",
"address": {
"countryCode": "hu",
"city": "Budapest",
"postalCode": "123414",
"addressline1": "PostBox 1241",
"addressline2": "Company XYZ",
"street": "Poststreet",
"houseNumber": "12",
"dwellingNumber": "102B",
"postOfficeBoxText": "PostBox",
"postOfficeBoxNumber": 1241
},
"contacts": {
"telephone": "+36181254153",
"telefax": "+36181254154",
"mobile": "+36181254156",
"email": "peter.doe@adnovum.ch"
},
"validity": {
"from": "2016-12-31T12:00:00Z",
"to": "2022-01-01T12:00:00Z"
},
"remarks": "This is test user peter doe",
"modificationComment": "Adjusted his address",
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z"
}
],
"_pagination": {
"continuationToken": "1502928000_12314abc",
"limit": 100
}
}
Client applications
Get client applications
GET /clients/{extId}/applications
Returns all applications of the client with the given external ID.
Required permissions
AccessControl.ClientView, AccessControl.ApplicationView
Example URI
- extId (string, required) Example: 1000. ExtID of the client.
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extId": "1001",
"version": 10,
"name": "Confluence",
"description": "Confluence is used to store documents.",
"url": "www.example.com/confluence/",
"displayed": true,
"displayName": {
"EN": "Confluence",
"DE": "Confluence",
"FR": "Confluence",
"IT": "Confluence"
},
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z"
},
{
"extId": "1000",
"version": 0,
"name": "Jira",
"description": "Jira is for ticketing.",
"url": "www.example.com/Jira/",
"displayed": true,
"displayName": {
"EN": "Jira",
"DE": "Jira",
"FR": "Jira",
"IT": "Jira"
},
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z"
}
],
"_pagination": {
"continuationToken": "1502928000_1000",
"limit": 100
}
}
Client applications
Assign application
PUT /clients/{extId}/applications/{applicationExtId}/
Assigns the application with the given external ID to the client with the given external ID.
Required permissions
AccessControl.ClientApplAssign
Example URI
- extId (string, required) Example: 1000. ExtID of the client.
- applicationExtId (string, required) Example: 1000. ExtID of the application to be assigned.
204
Unassign application
DELETE /clients/{extId}/applications/{applicationExtId}/
Unassigns the application with the given external ID from the client with the given external ID.
Required permissions
AccessControl.ClientApplDelete
Example URI
- extId (string, required) Example: 1000. ExtID of the client.
- applicationExtId (string, required) Example: 1000. ExtID of the application to be assigned.
204
Client enterprise roles
Get client eroles
GET /clients/{extId}/eroles
Returns all enterprise roles of the client with the given external ID.
Required permissions
AccessControl.ClientView, AccessControl.EnterpriseRoleView
Example URI
- extId (string, required) Example: 1000. ExtID of the client.
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extId": "234",
"clientExtId": "1000",
"version": 0,
"name": "erole1",
"description": "erole1",
"displayName": {
"EN": "erole1",
"DE": "erole1",
"FR": "erole1",
"IT": "erole1"
},
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z"
},
{
"extId": "231",
"clientExtId": "1000",
"version": 0,
"name": "erole2",
"description": "erole2",
"displayName": {
"EN": "erole2",
"DE": "erole2",
"FR": "erole2",
"IT": "erole2"
},
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z"
}
],
"_pagination": {
"continuationToken": "1502928000_231",
"limit": 100
}
}
Client units
Get client units
GET /clients/{extId}/units
Returns all units of the client with the given external ID.
Required permissions
AccessControl.ClientView, AccessControl.UnitView
Example URI
- extId (string, required) Example: 1000. ExtID of the client.
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extId": "102",
"parentUnitExtId": "2311",
"clientExtId": "1000",
"version": 0,
"hierarchicalName": "2311/102",
"name": "MyUnit1",
"location": "something",
"description": "something",
"displayName": {
"EN": "MyUnit1",
"DE": "MyUnit1",
"FR": "MyUnit1",
"IT": "MyUnit1"
},
"abbreviation": {
"EN": "MU1",
"DE": "MU1",
"FR": "MU1",
"IT": "MU1"
},
"profileless": true,
"modificationComment": "blabla",
"validity": {
"from": "2017-08-17T00:00:00Z",
"to": "2027-08-17T00:00:00Z"
},
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z"
},
{
"extId": "100",
"parentUnitExtId": "2311",
"clientExtId": "1000",
"version": 0,
"hierarchicalName": "2311/100",
"name": "MyUnit2",
"location": "something",
"description": "something",
"displayName": {
"EN": "MyUnit2",
"DE": "MyUnit2",
"FR": "MyUnit2",
"IT": "MyUnit2"
},
"abbreviation": {
"EN": "MU2",
"DE": "MU2",
"FR": "MU2",
"IT": "MU2"
},
"profileless": true,
"modificationComment": "blabla",
"validity": {
"from": "2017-08-17T00:00:00Z",
"to": "2027-08-17T00:00:00Z"
},
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z"
}
],
"_pagination": {
"continuationToken": "1502928000_100",
"limit": 100
}
}
Client policies experimental
Get client policies
GET /clients/{extId}/policies/
Returns all policies of the client with the given external ID.
Required permissions
AccessControl.ClientView, AccessControl.PolicyConfigurationView
Example URI
- extId (string, required) Example: 1000. ExtID of the client.
200
Headers
Content-Type: application/json
Body
{
"items":[
{
"extId": "99990100",
"clientExtId": "1000",
"description": "sendingMethod=PDFemail", //can be also freetext
"name": "TicketPolicyForPDFEmailSending",
"policyType": "TicketPolicy",
"defaultPolicy": true,
"version": 0,
"created": "2018-04-24T14:22:19Z",
"lastModified": "2018-04-24T14:22:19Z"
},
{
"extId": "99990049",
"clientExtId": "1000",
"description": "sendingMethod=SMS", //can be also freetext
"name": "TicketPolicyForSMSSending",
"policyType": "TicketPolicy",
"defaultPolicy": true,
"version": 43,
"created": "2018-04-24T14:22:19Z",
"lastModified": "2018-04-24T14:22:19Z"
}
],
"_pagination": {
"continuationToken": "1524579739_99990049",
"limit":100
}
}
Client personal questions experimental
Get personal questions
GET /clients/{extId}/personal-questions
Returns all personal questions of the client with the given external ID.
Required permissions
AccessControl.ClientView, AccessControl.PersonalQuestionView
Example URI
- extId (string, required) Example: 1000. ExtID of the client.
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extid": "102",
"clientExtId": "1000",
"version": 0,
"description": "something",
"stateName": "active",
"displayName": {
"EN": "Question1",
"DE": "Question1",
"FR": "Question1",
"IT": "Question1"
},
"content": {
"EN": "QuestionContent1",
"DE": "QuestionContent1",
"FR": "QuestionContent1",
"IT": "QuestionContent1"
}
},
{
"extid": "101",
"clientExtId": "1000",
"version": 0,
"description": "something",
"stateName": "active",
"displayName": {
"EN": "Question2",
"DE": "Question2",
"FR": "Question2",
"IT": "Question2"
},
"content": {
"EN": "QuestionContent2",
"DE": "QuestionContent2",
"FR": "QuestionContent2",
"IT": "QuestionContent2"
}
}
],
"_pagination": {
"continuationToken": "1524579739_101",
"limit": 100
}
}
Create new personal question
POST /clients/{extId}/personal-questions
Creates a new personal question for the client with the given external ID.
Required permissions
AccessControl.ClientView, AccessControl.PersonalQuestionCreate
Example URI
- extId (string, required) Example: 1000. ExtID of the client.
Headers
Content-Type: application/json
Body
{
"extId": "1003",
"clientExtId": "1000",
"version": 1,
"description": "something",
"stateName": "active",
"displayName": {
"DE": "QuestionNew",
"EN": "QuestionNew",
"FR": "QuestionNew",
"IT": "QuestionNew"
},
"content": {
"DE": "QuestionNewContent",
"EN": "QuestionNewContent",
"FR": "QuestionNewContent",
"IT": "QuestionNewContent"
}
}
201
Headers
Location: https://your-host/nevisidm/api/core/v1/1000/personal-questions/1003
Applications
These endpoints enable the caller
- to create and delete applications,
- to obtain a given application resource, and
- to list or change the roles assigned to the given application.
An application can belong to many clients. It may have zero to many roles. As roles are application-specific, a role can only be assigned to one application.
Please note that if you delete an application, it is no longer accessible for all users of all clients.
Application
The application DTO has the following fields:
- extId - External ID of the application (read-only string).
- name - Internal name of the application (string).
- description - Textual description of the application (string).
- url - URL of the application.
- displayed - Determines whether the application must be displayed on nevisPortal (boolean).
- displayName - Language-dependent name of the application (object).
  - EN - Application name in English (string).
  - DE - Application name in German (string).
  - FR - Application name in French (string).
  - IT - Application name in Italian (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (read-only string).
Role
The role DTO has the following fields:
- extId - The external ID of the role (read-only string).
- applicationExtId - The external ID of the application the role belongs to (string).
- applicationName - The name of the application the role belongs to (string).
- name - The name of the role (string).
- description - The textual description of the role (string).
- version - The version used for optimistic locking (number).
- created - The creation date of the entity (read-only string).
- lastModified - The date when the entity was last modified (string).
Applications
Create application
POST /applications/
Creates a new application.
Required permissions
AccessControl.ApplicationCreate
Example URI
Headers
Content-Type: application/json
Body
{
"extId": "1001",
"version": 10,
"name": "Confluence",
"description": "Confluence is used to store documents.",
"url": "www.example.com/confluence/",
"displayed": true,
"displayName": {
"EN": "Confluence",
"DE": "Confluence",
"FR": "Confluence",
"IT": "Confluence"
}
}
201
Headers
Location: https://your-host/nevisidm/api/core/v1/applications/1001
Applications
Get application
GET /applications/{extId}
Returns the application with the given external ID.
Required permissions
AccessControl.ApplicationView
Example URI
- extId (string, required) Example: 1001. ExtID of the application.
200
Headers
Content-Type: application/json
Body
{
"extId": "1001",
"version": 10,
"name": "Confluence",
"description": "Confluence is used to store documents.",
"url": "www.example.com/confluence/",
"displayed": true,
"displayName": {
"EN": "Confluence",
"DE": "Confluence",
"FR": "Confluence",
"IT": "Confluence"
},
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z"
}
Update application
PATCH /applications/{extId}
Updates the application with the given external ID.
Required permissions
AccessControl.ApplicationView, AccessControl.ApplicationModify
Example URI
- extId (string, required) Example: 1001. ExtID of the application.
Headers
Content-Type: application/json
Body
{
"version": 10,
"name": "Confluence",
"description": "Confluence is used to store documents.",
"url": "www.example.com/confluence/",
"displayed": true,
"displayName": {
"EN": "Confluence",
"DE": "Confli",
"FR": "Confluence",
"IT": "Confluence"
}
}
200
Headers
Content-Type: application/json
Body
{
"extId": "1001",
"version": 11,
"name": "Confluence",
"description": "Confluence is used to store documents.",
"url": "www.example.com/confluence/",
"displayed": true,
"displayName": {
"EN":"Confluence",
"DE":"Confli",
"FR":"Confluence",
"IT":"Confluence"
},
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z"
}
Delete application
DELETE /applications/{extId}
Deletes the application with the given external ID.
Required permissions
AccessControl.ApplicationDelete
Example URI
- extId (string, required): ExtID of the application. Example: 1001
204
Application roles
Get application roles
GET /applications/{extId}/roles
Returns all roles of the application with the given external ID.
Required permissions
AccessControl.ApplicationView, AccessControl.RoleView
Example URI
- extId (string, required): ExtID of the application. Example: 1001
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extId": "233",
"applicationExtId": "1001",
"applicationName": "Confluence",
"version": 0,
"name": "regularRole",
"description": "role of normal users",
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z"
},
{
"extId": "211",
"applicationExtId": "1001",
"applicationName": "Confluence",
"version": 0,
"name": "adminRole",
"description": "role of admins",
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z"
}
],
"_pagination": {
"continuationToken": "1502928000_211",
"limit": 100
}
}
Create role
POST /applications/{extId}/roles
Creates a new role for the application with the given external ID.
Required permissions
AccessControl.RoleCreate
Example URI
- extId (string, required): ExtID of the application. Example: 1001
Headers
Content-Type: application/json
Body
{
"extId": "1020",
"name": "readonlyRole",
"description": "role of read-only users"
}
201
Headers
Location: https://your-host/nevisidm/api/core/v1/roles/1020
Application properties
Get properties
GET /applications/{extId}/properties/
Returns all properties of the application with the given external ID, as an object of key-value pairs. If there are no properties found, an empty object is returned. Properties are additional, customer-specific attributes of an entity.
Required permissions
AccessControl.ApplicationView, AccessControl.PropertyView, AccessControl.PropertyValueView, AccessControl.PropertyAllowedValueView
Example URI
- extId (string, required): ExtID of the application. Example: 1001
Headers
Content-Type: application/json
200
Headers
Content-Type: application/json
Body
{
"propertyKey1" : "propertyValue1",
"propertyKey2" : "propertyValue2"
}
Update application
PATCH /applications/{extId}/properties/
Updates the properties of the application with the given external ID. The request body must contain an object of key-value property pairs.
Required permissions
AccessControl.PropertyView, AccessControl.PropertyValueView, AccessControl.PropertyAllowedValueView, AccessControl.PropertyValueCreate, AccessControl.PropertyValueModify, AccessControl.PropertyValueDelete
Example URI
- extId (string, required): ExtID of the application. Example: 1001
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyNewValue1",
"propertyKey3": "propertyNewValue3"
}
200
Headers
Content-Type: application/json
Body
{
"propertyKey1" : "propertyNewValue1",
"propertyKey2" : "propertyValue2",
"propertyKey3" : "propertyNewValue3"
}
User REST Service
Users are the core element of the system.
A user can have zero to many credentials of different types. During its entire lifetime, a credential belongs to only one particular user. The nevisIDM reference guide describes how many credentials of a certain type a user can possess.
A user can have zero to many profiles. Profiles connect a user to roles and units.
Profiles and credentials strictly belong to one particular user. It is not possible to reassign a profile or a credential to another user.
User external IDs are unique per client only, not globally. Therefore, you must always set the target client.
User DTO
The user DTO has the following fields:
- extId - The external ID of the user. Can only be set on creation.
- clientExtId - The external ID of the client the user belongs to (string).
- userState - The state of the user (string).
- loginId - The login ID (username) of the user (string).
- languageCode - The default language of the user (string).
- isTechnicalUser - Determines whether the user is a regular user, such as a real person, or a technical user, such as another piece of software (boolean).
- name - The name of the user (object).
  - title - The title of the user (string).
  - firstName - The first name of the user (string).
  - familyName - The last name of the user (string).
- sex - The biological sex of the user. This is not the same as legal gender (string).
- gender - The gender of the user. Possible values are ‘female’, ‘male’ and ‘other’ (Note: The gender value ‘other’ is only supported if the policy ‘application.feature.othergender.enabled’ is enabled for the client of the user.) (string).
- birthDate - The user’s date of birth in ISO format (string).
- address - The address of the user (object).
  - countryCode - The ISO country code of the user (string).
  - city - The city where the user lives (string).
  - postalCode - The postal code (or ZIP code) of the user (string).
  - addressline1 - Free text for supplementary address information (string).
  - addressline2 - Free text for supplementary address information (string).
  - street - The street of the user (string).
  - houseNumber - The house number of the user (string).
  - dwellingNumber - The dwelling number (string). This number is relevant in combination with the user’s house number.
  - postOfficeBoxText - Describes the term “post box” according to the accepted form in the given country (string).
  - postOfficeBoxNumber - The number of the post box (number).
- contacts - Telephone numbers and e-mail addresses on which the user can be contacted (object).
  - telephone - The number of the user’s landline (string).
  - telefax - The fax number of the user (string).
  - mobile - The cellphone number of the user (string).
  - email - The e-mail address of the user (string).
- validity - The validity period of the user entity (object).
  - to - The end date of the user’s validity period in ISO format (string).
  - from - The start date of the user’s validity period in ISO format (string).
- remarks - General textual remark about the user (string).
- modificationComment - Textual comment on the last modification (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (string).
Profile DTO
The profile DTO has the following fields:
- extId - The external ID of the profile (read-only string).
- userExtId - The external ID of the user to whom the profile belongs (read-only string).
- unitExtId - The external ID of the unit to which the profile belongs (read-only string).
- clientExtId - The external ID of the client to which the policy belongs (read-only string).
- deputedProfileExtId - The external ID of the deputed profile (read-only string).
- name - The name of the profile (string).
- profileState - The state of the profile (string).
- isDefaultProfile - Determines whether the profile is default or not (boolean).
- remarks - Textual remark regarding the profile (string).
- modificationComment - Textual comment regarding the last modification (string).
- validity - Describes the validity period of the profile (object).
  - from - Start date of the profile’s validity in ISO format (string).
  - to - End date of the profile’s validity in ISO format (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (read-only string).
Consent Create DTO
The consent create DTO has the following fields:
- termsExtId - External ID of the terms.
Terms DTO
The terms get DTO has the following fields:
- extId - The external ID of the Terms object (string).
- name - The name of the Terms object (string).
- active - Determines whether the terms are active or not (boolean).
- silentAcceptance - Determines whether the terms are accepted silently or not (boolean).
- termsVersion - The version of the Terms (string).
- created - The creation date (Date).
- lastModified - The date of the last modification (Date).
- urls - Actual Terms and Conditions pages (string: string pairs).
- applicationExtIds - List of external IDs of the applications to which the terms are assigned.
Users
Create user
POST /{clientExtId}/users/
Creates a new user for the client with the given external ID.
Required permissions
AccessControl.UserCreate, AccessControl.PolicyConfigurationView, AccessControl.UserCreateTechUser (for creating technical users only)
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
Headers
Content-Type: application/json
Body
{
"extId": "4254",
"userState": "active",
"loginId": "testUser",
"languageCode": "en",
"isTechnicalUser": false,
"name": {
"title": "Mr.",
"firstName": "John",
"familyName": "Doe"
},
"sex": "male",
"gender": "male",
"birthDate": "1969-04-12",
"address": {
"countryCode": "ch",
"city": "Zurich",
"postalCode": "123414",
"addressline1": "PostBox 1241",
"addressline2": "Company XYZ",
"street": "Poststreet",
"houseNumber": "12",
"dwellingNumber": "102B",
"postOfficeBoxText": "PostBox",
"postOfficeBoxNumber": 1241
},
"contacts": {
"telephone": "+41781254153",
"telefax": "+41781254154",
"mobile": "+41781254156",
"email": "john.doe@adnovum.ch"
},
"validity": {
"from": "2016-12-31T12:00:00Z",
"to": "2022-01-01T12:00:00Z"
},
"remarks": "This is the new test user john doe",
"modificationComment": "He lives in ZH"
}
201
Headers
Location: https://your-host/nevisidm/api/core/v1/1000/users/4254
User
Get user
GET /{clientExtId}/users/{extId}
Returns the user with the given external ID, belonging to the client with the given external ID.
Required permissions
AccessControl.UserView
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- extId (string, required): ExtID of the user. Example: 1000
200
Headers
Content-Type: application/json
Body
{
"extId": "1000",
"clientExtId": "1000",
"userState":"active",
"version":0,
"loginId":"testUser",
"languageCode":"en",
"isTechnicalUser":false,
"name":{
"title":"Mr.",
"firstName":"John",
"familyName":"Doe"
},
"sex":"male",
"gender":"male",
"birthDate":"1969-04-12",
"address":{
"countryCode":"ch",
"city":"Zurich",
"postalCode":"123414",
"addressline1":"PostBox 1241",
"addressline2":"Company XYZ",
"street":"Poststreet",
"houseNumber":"12",
"dwellingNumber":"102B",
"postOfficeBoxText":"PostBox",
"postOfficeBoxNumber":1241
},
"contacts":{
"telephone":"+41781254153",
"telefax":"+41781254154",
"mobile":"+41781254156",
"email":"john.doe@adnovum.ch"
},
"validity":{
"from":"2016-12-31T12:00:00Z",
"to":"2022-01-01T12:00:00Z"
},
"remarks":"This is test user john doe",
"modificationComment":"Adjusted his address",
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
}
Delete user
DELETE /{clientExtId}/users/{extId}
Deletes the user with the given external ID, belonging to the client with the given external ID.
Required permissions
AccessControl.UserDelete, AccessControl.UserDeleteTechUser (for deleting technical users only)
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- extId (string, required): ExtID of the user. Example: 1000
204
Update user
PATCH /{clientExtId}/users/{extId}
Updates the user with the given external ID, belonging to the client with the given external ID.
Required permissions
AccessControl.UserView, AccessControl.UserModify, AccessControl.UserModifyTechUser (for modifying technical users only)
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- extId (string, required): ExtID of the user. Example: 1000
Headers
Content-Type: application/json
Body
{
"userState": "active",
"version": 0,
"loginId": "testUser",
"languageCode": "en",
"isTechnicalUser": false,
"name": {
"title": "Mr.",
"firstName": "John",
"familyName": "Doe"
},
"sex": "male",
"gender": "male",
"birthDate": "1969-04-12",
"address": {
"countryCode": "ch",
"city": "Budapest",
"postalCode": "123414",
"addressline1": "PostBox 1241",
"addressline2": "Company XYZ",
"street": "Poststreet",
"houseNumber": "12",
"dwellingNumber": "102B",
"postOfficeBoxText": "PostBox",
"postOfficeBoxNumber": 1241
},
"contacts": {
"telephone": "+41781234567",
"telefax": "+41781254154",
"mobile": "+41781254156",
"email": "john.doe@adnovum.ch"
},
"validity": {
"from": "2016-12-31T12:00:00Z",
"to": "2022-01-01T12:00:00Z"
},
"remarks": "This is test user john doe",
"modificationComment": "Adjusted his telephone number"
}
200
Headers
Content-Type: application/json
Body
{
"extId": "1000",
"clientExtId": "1000",
"userState":"active",
"version":1,
"loginId":"testUser",
"languageCode":"en",
"isTechnicalUser":false,
"name":{
"title":"Mr.",
"firstName":"John",
"familyName":"Doe"
},
"sex":"male",
"gender":"male",
"birthDate":"1969-04-12",
"address":{
"countryCode":"ch",
"city":"Budapest",
"postalCode":"123414",
"addressline1":"PostBox 1241",
"addressline2":"Company XYZ",
"street":"Poststreet",
"houseNumber":"12",
"dwellingNumber":"102B",
"postOfficeBoxText":"PostBox",
"postOfficeBoxNumber":1241
},
"contacts":{
"telephone":"+41781234567",
"telefax":"+41781254154",
"mobile":"+41781254156",
"email":"john.doe@adnovum.ch"
},
"validity":{
"from":"2016-12-31T12:00:00Z",
"to":"2022-01-01T12:00:00Z"
},
"remarks":"This is test user john doe",
"modificationComment":"Adjusted his telephone number",
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
}
Properties (experimental)
Get properties
GET /{clientExtId}/users/{extId}/properties/
Returns all properties of the user with the given external ID, as an object of key-value pairs. If there are no properties found, an empty object is returned. Properties are additional, customer-specific attributes of an entity.
Required permissions
AccessControl.UserView, AccessControl.PropertyView, AccessControl.PropertyValueView, AccessControl.PropertyAllowedValueView
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- extId (string, required): ExtID of the user. Example: 1000
200
Headers
Content-Type: application/json
Body
{
"propertyKey1" : "propertyValue1",
"propertyKey2" : "propertyValue2"
}
Update user properties (experimental)
PATCH /{clientExtId}/users/{extId}/properties/
Updates the properties of the user with the given external ID, belonging to the client with the given external ID. The body must contain an object of key-value property pairs.
Required permissions
AccessControl.UserView, AccessControl.UserModify, AccessControl.PropertyValueCreate, AccessControl.PropertyValueDelete, AccessControl.PropertyValueModify
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- extId (string, required): ExtID of the user. Example: 1000
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyNewValue1",
"propertyKey3": "propertyNewValue3"
}
200
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyNewValue1",
"propertyKey2": "propertyValue2",
"propertyKey3": "propertyNewValue3"
}
User profiles
Get user profiles
GET /{clientExtId}/users/{extId}/profiles/
Returns all profiles of the user with the given external ID.
Required permissions
AccessControl.UserView, AccessControl.ProfileView
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- extId (string, required): ExtID of the user. Example: 100
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extId": "1002",
"userExtId": "100",
"unitExtId": "200",
"clientExtId": "1000",
"deputedProfileExtId": "8566",
"profileState": "active",
"version": 0,
"name": "something",
"isDefaultProfile": true,
"remarks": "something",
"modificationComment": "none",
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
},
{
"extId": "1001",
"userExtId": "100",
"unitExtId": "200",
"clientExtId": "1000",
"deputedProfileExtId": "8566",
"profileState": "active",
"version": 0,
"name": "something2",
"isDefaultProfile": true,
"remarks": "something2",
"modificationComment": "none",
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
}
],
"_pagination": {
"continuationToken": "1524579740_1001",
"limit": 100
}
}
Create user profile
POST /{clientExtId}/users/{extId}/profiles/
Creates a new profile for the user with the given external ID.
Required permissions
AccessControl.ProfileCreate, AccessControl.AuthorizationCreate (for creating non-technical users only)
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- extId (string, required): ExtID of the user. Example: 100
Headers
Content-Type: application/json
Body
{
"extId": "1003",
"unitExtId": "200",
"deputedProfileExtId": "8566",
"profileState": "active",
"version": 0,
"name": "something3",
"isDefaultProfile": true,
"remarks": "something3",
"modificationComment": "none"
}
201
Headers
Location: https://your-host/nevisidm/api/core/v1/1000/profiles/1003
User archive
Archive user
POST /{clientExtId}/users/{extId}/archive/
Archives an existing user with the given external ID. All the profiles of the user are archived and the credentials are deleted.
Required permissions
AccessControl.UserView, AccessControl.UserArchive, AccessControl.UserArchiveTechUser (for archiving technical users only)
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- extId (string, required): ExtID of the user. Example: 1000
204
Consents
Create consent
POST /{clientExtId}/users/{extId}/consents/
Creates a consent by accepting terms for a user determined by its client external ID and user external ID. The accepted terms are determined by the terms external ID provided in the request body.
Required permissions
AccessControl.ConsentCreate
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- extId (string, required): ExtID of the user. Example: 1000
Headers
Content-Type: application/json
Body
{
"termsExtId": "1001"
}
201
Headers
Location: https://your-host/nevisidm/api/core/v1/1000/users/1000/consents/1001
Pending terms
Get pending terms
GET /users/terms-pending/
Returns all terms for which the user has not yet given consent for the current version (or silent acceptance is not true).
Required permissions
AccessControl.ConsentView, AccessControl.TermsView
Example URI
Headers
Content-Type: application/json
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extId": "8865",
"name": "Terms and conditions",
"active": true,
"silentAcceptance": false,
"termsVersion": "1.0",
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z",
"urls": {
"es": "https://www.sampleUrl.terms",
"it": "https://www.sampleUrl2.terms"
},
"applicationExtIds": [
"10101",
"20202"
]
},
{
"extId": "8866",
"name": "Terms and conditions for cats",
"active": true,
"silentAcceptance": true,
"termsVersion": "1.1",
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z",
"urls": {
"es": "https://www.sampleUrlA.terms",
"it": "https://www.sampleUrlB.terms"
},
"applicationExtIds": [
"11111",
"22222"
]
}
]
}
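The "Required permissions" entries of the endpoints above can be turned into a least-privilege check for an integration account. The following Python script is an added example, not part of the nevisIDM documentation: it maps observed REST calls to the permissions listed on this page and reports granted permissions that no call needs. The log format, the sample calls and the granted set are constructed, and the endpoint table covers only a subset of the endpoints above.

```python
"""Least-privilege audit for a nevisIDM REST integration account (added example)."""

BASE_PATH = "/nevisidm/api/core/v1"  # as shown in the Location headers on this page
PREFIX = "AccessControl."

# (method, URI template, always-required permissions, permissions the page lists
# "for ... technical users only"). A subset of the endpoints documented above.
ENDPOINTS = [
    ("GET", "/applications/{extId}", {"ApplicationView"}, set()),
    ("PATCH", "/applications/{extId}", {"ApplicationView", "ApplicationModify"}, set()),
    ("DELETE", "/applications/{extId}", {"ApplicationDelete"}, set()),
    ("GET", "/applications/{extId}/roles", {"ApplicationView", "RoleView"}, set()),
    ("POST", "/applications/{extId}/roles", {"RoleCreate"}, set()),
    ("POST", "/{clientExtId}/users/",
     {"UserCreate", "PolicyConfigurationView"}, {"UserCreateTechUser"}),
    ("GET", "/{clientExtId}/users/{extId}", {"UserView"}, set()),
    ("PATCH", "/{clientExtId}/users/{extId}",
     {"UserView", "UserModify"}, {"UserModifyTechUser"}),
    ("DELETE", "/{clientExtId}/users/{extId}", {"UserDelete"}, {"UserDeleteTechUser"}),
    ("GET", "/{clientExtId}/users/{extId}/profiles/", {"UserView", "ProfileView"}, set()),
    ("POST", "/{clientExtId}/users/{extId}/archive/",
     {"UserView", "UserArchive"}, {"UserArchiveTechUser"}),
    ("POST", "/{clientExtId}/users/{extId}/consents/", {"ConsentCreate"}, set()),
]

# Constructed sample input: calls observed for one integration account, in an
# assumed "METHOD PATH STATUS" log format, and the permissions it was granted.
SAMPLE_LOG = """\
GET /nevisidm/api/core/v1/1000/users/4254 200
PATCH /nevisidm/api/core/v1/1000/users/4254 200
GET /nevisidm/api/core/v1/1000/users/4254/profiles/ 200
GET /nevisidm/api/core/v1/applications/1001/roles 403
GET /nevisidm/api/core/v1/example-unmapped/1 404
"""
SAMPLE_GRANTED = [
    "AccessControl.UserView", "AccessControl.UserModify", "AccessControl.UserDelete",
    "AccessControl.ProfileView", "AccessControl.ApplicationView",
    "AccessControl.ApplicationDelete",
]


def segments(path):
    """Split a path into segments, ignoring the query string and empty segments."""
    return [s for s in path.split("?", 1)[0].split("/") if s]


def match_endpoint(method, path):
    """Return the ENDPOINTS row for a concrete request, or None if it is not mapped."""
    if path == BASE_PATH or path.startswith(BASE_PATH + "/"):
        path = path[len(BASE_PATH):]
    segs = segments(path)
    best, best_literals = None, -1
    for row in ENDPOINTS:
        tmpl = segments(row[1])
        if row[0] != method.upper() or len(tmpl) != len(segs):
            continue
        literals = 0
        for t, s in zip(tmpl, segs):
            if t.startswith("{"):      # placeholder matches any value
                continue
            if t != s:                 # literal segment differs: not this template
                break
            literals += 1
        else:
            # Prefer the template with the most literal segments on ambiguity.
            if literals > best_literals:
                best, best_literals = row, literals
    return best


def parse_log(text):
    """Return (method, path) pairs; the status is ignored because a denied call
    still shows what the integration tries to do. Malformed lines are skipped."""
    calls = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            calls.append((parts[0].upper(), parts[1]))
    return calls


def audit(granted, calls, manages_technical_users=False):
    """Compare granted permissions with what the observed calls require."""
    required, unknown = set(), []
    for method, path in calls:
        row = match_endpoint(method, path)
        if row is None:
            unknown.append(f"{method.upper()} {path}")
            continue
        needed = row[2] | (row[3] if manages_technical_users else set())
        required |= {PREFIX + name for name in needed}
    granted = set(granted)
    return {
        "required": required,
        "missing": required - granted,      # calls that will be denied
        "unused": granted - required,       # candidates for revocation
        "unknown_calls": unknown,           # review manually, not in the table
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_GRANTED, parse_log(SAMPLE_LOG)).items():
        print(key, sorted(value))
```

Permissions reported as unused are only candidates for revocation: the table must first be extended to every endpoint the account legitimately calls.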
Profile REST Service
Profiles connect users with units, roles and enterprise roles.
A profile belongs to one user, and one user only, during its lifetime. A user can have zero to many profiles. Profiles are independent of each other. For example, suppose a user has the profiles A and B. If the user is logged in with profile A, the system will not consider the roles assigned to profile B.
A profile must belong to a unit. This unit can be freely changed.
It is possible to assign multiple roles and enterprise roles to a profile with PUT. Likewise, it is possible to unassign roles and enterprise roles from the profile with DELETE.
Authorizations are connector objects in the business model. They connect a given profile with a given role. Authorizations have some attributes that you can set through the nevisIDM REST API:
- clientGlobal,
- unitGlobal,
- appGlobal, and
- enterpriseRoleGlobal.
Enterprise authorizations are considered special business objects. They connect a profile with an enterprise role.
Profile external IDs are unique per client only, not globally. Therefore, you must always set the target client.
Profile DTO
The profile DTO has the following fields:
- extId - The external ID of the profile (read-only string).
- userExtId - The external ID of the user to whom the profile belongs (read-only string).
- unitExtId - The external ID of the unit to which the profile belongs (read-only string).
- clientExtId - The external ID of the client to which the policy belongs (read-only string).
- deputedProfileExtId - The external ID of the deputed profile (read-only string).
- name - The name of the profile (string).
- profileState - The state of the profile (string).
- isDefaultProfile - Determines whether the profile is default or not (boolean).
- remarks - Textual remark regarding the profile (string).
- modificationComment - Textual comment regarding the last modification (string).
- validity - Describes the validity period of the profile (object).
  - from - Start date of the profile’s validity in ISO format (string).
  - to - End date of the profile’s validity in ISO format (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (read-only string).
Authorization DTO
The authorization DTO has the following fields:
- extId - The external ID of the object.
- roleExtId - The external ID of the connected role (read-only string).
- clientGlobal - Determines whether the authorization is applicable for the whole client (boolean). You can set this attribute with the nevisIDM REST API.
- unitGlobal - Determines whether the authorization is restricted to a unit (boolean). You can set this attribute with the nevisIDM REST API.
- appGlobal - Determines whether the authorization is restricted to an application (boolean). You can set this attribute with the nevisIDM REST API.
- enterpriseRoleGlobal - Determines whether the authorization is restricted to an enterprise role (boolean). You can set this attribute with the nevisIDM REST API.
- validity - Describes the validity period of the authorization (object).
  - from - Start date of the authorization’s validity in ISO format (string).
  - to - End date of the authorization’s validity in ISO format (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (string).
- lastModified - Date when the entity was last modified (string).
Application DTO
The application DTO has the following fields:
- extId - External ID of the application (read-only string).
- name - Internal name of the application (string).
- description - Textual description of the application (string).
- url - URL of the application.
- displayed - Determines whether the application must be displayed on nevisPortal (boolean).
- displayName - Language-dependent name of the application (object).
  - EN - Application name in English (string).
  - DE - Application name in German (string).
  - FR - Application name in French (string).
  - IT - Application name in Italian (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (read-only string).
Unit DTO
The unit DTO has the following fields:
- extId - The external ID of the unit (read-only string).
- parentUnitExtId - The external ID of the parent unit (read-only string).
- clientExtId - The external ID of the client the unit belongs to (read-only string).
- name - The name of the unit (string).
- hierarchicalName - The path from the root unit to the actual unit. The external IDs of the units are concatenated with the “/” character (read-only string).
- description - The textual description of the unit (string).
- location - Free textual description of the physical location of the unit. Different departments of a company can be in different locations (string).
- displayName - The language-dependent name of the unit (object).
  - EN - Unit name in English (string).
  - DE - Unit name in German (string).
  - FR - Unit name in French (string).
  - IT - Unit name in Italian (string).
- abbreviation - The short form of the unit’s name (object).
  - EN - Abbreviation in English (string).
  - DE - Abbreviation in German (string).
  - FR - Abbreviation in French (string).
  - IT - Abbreviation in Italian (string).
- profileless - Determines whether profile assignment is allowed (boolean).
- validity - The validity period of the unit entity (object).
  - from - The start date of the unit’s validity period in ISO format (string).
  - to - The end date of the unit’s validity period in ISO format (string).
- modificationComment - Textual comment regarding the last modification (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (read-only string).
Enterprise Authorization DTO
The enterprise authorization DTO has the following fields:
- extId - The external ID of the object.
- enterpriseRoleExtId - The external ID of the enterprise role (read-only string).
- validity - Describes the validity period of the authorization (object).
  - from - Start date of the authorization’s validity in ISO format (string).
  - to - End date of the authorization’s validity in ISO format (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (string).
- lastModified - Date when the entity was last modified (string).
Enterprise role DTO
The enterprise role DTO has the following fields:
- extId - The external ID of the enterprise role (string).
- clientExtId - The external ID of the client to which the enterprise role belongs (string).
- name - The name of the enterprise role (string).
- description - The textual description of the enterprise role (string).
- displayName - The language-dependent name of the enterprise role (object).
  - EN - The enterprise role name in English (string).
  - DE - The enterprise role name in German (string).
  - FR - The enterprise role name in French (string).
  - IT - The enterprise role name in Italian (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (string).
- lastModified - The date when the entity was last modified (string).
Profile
Get profile
GET /{clientExtId}/profiles/{extId}
Returns the profile with the given external ID, belonging to the client with the given external ID.
Required permissions
AccessControl.ProfileView
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- extId (string, required): ExtID of the profile. Example: 1001
200
Headers
Content-Type: application/json
Body
{
"extId": "1001",
"userExtId": "1012",
"unitExtId": "1000",
"clientExtId": "1000",
"deputedProfileExtId": "8566",
"profileState": "active",
"version": 0,
"name": "something",
"isDefaultProfile": true,
"remarks": "something",
"modificationComment": "none",
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z",
"validity": {
"from":"2016-12-31T12:00:00Z",
"to":"2022-01-01T12:00:00Z"
}
}
Update profile
PATCH /{clientExtId}/profiles/{extId}
Updates the profile with the given external ID, which belongs to the client with the given external ID.
Required permissions
AccessControl.ProfileView, AccessControl.ProfileModify
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- extId (string, required): ExtID of the profile. Example: 1001
Headers
Content-Type: application/json
Body
{
"profileState": "active",
"version": 1,
"name": "something",
"isDefaultProfile": true,
"remarks": "something",
"modificationComment": "new validity",
"validity": {
"from": "2016-12-31T12:00:00Z",
"to": "2024-01-01T12:00:00Z"
}
}
200
Headers
Content-Type: application/json
Body
{
"extId": "1001",
"userExtId": "1012",
"unitExtId": "1000",
"clientExtId": "1000",
"deputedProfileExtId": "8566",
"profileState": "active",
"version": 2,
"name": "something",
"isDefaultProfile": true,
"remarks": "something",
"modificationComment": "new validity",
"validity": {
"from": "2016-12-31T12:00:00Z",
"to": "2024-01-01T12:00:00Z"
},
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
}
Delete profile
DELETE /{clientExtId}/profiles/{extId}
Deletes the profile with the given external ID, belonging to the client with the given external ID.
Required permissions
AccessControl.ProfileDelete
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- extId (string, required): ExtID of the profile. Example: 1001
204
Profile roles
Get profile roles
GET /{clientExtId}/profiles/{extId}/roles
Returns all roles of the profile with the given external ID, including roles assigned through enterprise roles.
Required permissions
AccessControl.AuthorizationView
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- extId (string, required): ExtID of the profile. Example: 1001
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extId": "2011",
"applicationExtId": "1000",
"applicationName": "Confluence",
"version": 0,
"name": "regularRole",
"description": "role of normal users",
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
},
{
"extId": "2033",
"applicationExtId": "1000",
"applicationName": "Confluence",
"version": 0,
"name": "adminRole",
"description": "role of admins",
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
}
],
"_pagination": {
"continuationToken": "1524579740_2033",
"limit": 100
}
}
Profile enterprise roles
Get profile eroles
GET /{clientExtId}/profiles/{extId}/eroles
Returns all enterprise roles of the profile with the given external ID.
Required permissions
AccessControl.EnterpriseAuthorizationView
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- extId (string, required): ExtID of the profile. Example: 1001
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extId": "2031",
"clientExtId": "1000",
"version": 1,
"name": "erole1",
"description": "erole1",
"displayName": {
"EN": "erole1",
"DE": "erole1",
"FR": "erole1",
"IT": "erole1"
},
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
},
{
"extId": "2034",
"clientExtId": "1000",
"version": 3,
"name": "erole2",
"description": "erole2",
"displayName": {
"EN": "erole2",
"DE": "erole2",
"FR": "erole2",
"IT": "erole2"
},
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:24:20Z"
}
],
"_pagination": {
"continuationToken": "1524579740_2034",
"limit": 100
}
}
Profile unit
Get unit
GET /{clientExtId}/profiles/{extId}/unit
Returns the unit of the profile with the given external ID.
Required permissions
AccessControl.ProfileView
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- extId (string, required): ExtID of the profile. Example: 1001
200
Headers
Content-Type: application/json
Body
{
"extId": "1000",
"parentUnitExtId": "2311",
"clientExtId": "1000",
"version": 0,
"hierarchicalName": "2311/1000",
"name": "MyUnit1",
"location": "something",
"description": "something",
"displayName": {
"EN": "MyUnit1",
"DE": "MyUnit1",
"FR": "MyUnit1",
"IT": "MyUnit1"
},
"abbreviation": {
"EN": "MU1",
"DE": "MU1",
"FR": "MU1",
"IT": "MU1"
},
"profileless": false,
"modificationComment": "blabla",
"validity": {
"from": "2016-12-31T12:00:00Z",
"to": "2022-01-01T12:00:00Z"
},
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
}
Profile unit
Assign unit
PUT /{clientExtId}/profiles/{profileExtId}/unit/{extId}
Replaces the current unit assignment of the profile with the given external ID with the unit with the given external ID.
Required permissions
AccessControl.UnitView, AccessControl.ProfileModify
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- profileExtId (string, required): ExtID of the profile. Example: 1001
- extId (string, required): ExtID of the unit to be assigned. Example: 1002
204
Profile applications
Get applications
GET /{clientExtId}/profiles/{extId}/applications
Returns all applications that are authorized to be used by the profile with the given external ID.
Required permissions
AccessControl.ApplicationView
Example URI
- clientExtId
string
(required) Example: 1000ExtID of the client.
- extId
string
(required) Example: 1001ExtID of the profile.
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extId": "1000",
"version": 10,
"name": "Confluence",
"description": "Confluence is used to store documents.",
"url": "www.example.com/confluence/",
"displayed": true,
"displayName": {
"EN": "Confluence",
"DE": "Confluence",
"FR": "Confluence",
"IT": "Confluence"
},
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
},
{
"extId": "1001",
"version": 0,
"name": "Jira",
"description": "Jira is for ticketing.",
"url": "www.example.com/Jira/",
"displayed": true,
"displayName": {
"EN": "Jira",
"DE": "Jira",
"FR": "Jira",
"IT": "Jira"
},
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
}
],
"_pagination": {
"continuationToken": "1524579740_1001",
"limit": 100
}
}
Profile properties (experimental)
Get properties
GET /{clientExtId}/profiles/{extId}/properties
Returns all properties of the profile with the given external ID, as an object of key-value pairs. If there are no properties found, an empty object is returned. Properties are additional, customer-specific attributes of an entity.
Required permissions
AccessControl.ProfileView, AccessControl.PropertyView, AccessControl.PropertyValueView, AccessControl.PropertyAllowedValueView
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- extId (string, required) - ExtID of the profile. Example: 1001
200
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyValue1",
"propertyKey2": "propertyValue2"
}
Update profile properties
PATCH /{clientExtId}/profiles/{extId}/properties
Updates the properties of the profile with the given external ID, belonging to the client with the given external ID. The body must contain an object of key-value property pairs.
Required permissions
AccessControl.ProfileView, AccessControl.ProfileModify, AccessControl.PropertyValueCreate, AccessControl.PropertyValueModify, AccessControl.PropertyValueDelete, AccessControl.PropertyView, AccessControl.PropertyValueView, AccessControl.PropertyAllowedValueView
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- extId (string, required) - ExtID of the profile. Example: 1001
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyNewValue1",
"propertyKey3": "propertyNewValue3"
}
200
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyNewValue1",
"propertyKey2": "propertyValue2",
"propertyKey3": "propertyNewValue3"
}
Role REST Service
A role represents the set of permissions of a user.
A role belongs to one application and one application only during its entire lifetime. As applications can be assigned to many clients, the external ID of a role is unique in the whole system. This enables the caller to obtain a specific role resource and to modify its fields.
Only the name and description of a role are modifiable. Therefore, modification of a role’s fields does not have any impact on the accessibility of the corresponding application.
Note that deleting a role implies its permanent removal from all profiles and enterprise roles.
Role DTO
The role DTO has the following fields:
- extId - The external ID of the role (read-only string).
- applicationExtId - The external ID of the application the role belongs to (string).
- applicationName - The name of the application the role belongs to (string).
- name - The name of the role (string).
- description - The textual description of the role (string).
- version - The version used for optimistic locking (number).
- created - The creation date of the entity (read-only string).
- lastModified - The date when the entity was last modified (string).
Role
Get role
GET /roles/{extId}
Returns the role with the given external ID.
Required permissions
AccessControl.RoleView
Example URI
- extId (string, required) - ExtID of the role. Example: 231
200
Headers
Content-Type: application/json
Body
{
"extId": "231",
"applicationExtId": "1000",
"applicationName": "Confluence",
"version": 1,
"name": "regularRole",
"description": "role of normal users",
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
}
Update role
PATCH /roles/{extId}
Updates the role with the given external ID.
Required permissions
AccessControl.RoleView, AccessControl.RoleModify
Example URI
- extId (string, required) - ExtID of the role. Example: 231
Headers
Content-Type: application/json
Body
{
"version": 1,
"name": "regularRole",
"description": "regular role of normal users"
}
200
Headers
Content-Type: application/json
Body
{
"extId": "231",
"applicationExtId": "1000",
"applicationName": "Confluence",
"version": 2,
"name": "regularRole",
"description": "regular role of normal users",
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
}
Delete role
DELETE /roles/{extId}
Deletes the role with the given external ID.
Required permissions
AccessControl.RoleDelete
Example URI
- extId (string, required) - ExtID of the role. Example: 231
204
Properties
Get properties
GET /roles/{extId}/properties
Returns all properties of the role with the given external ID, as an object of key-value pairs. Properties are additional, customer-specific attributes of an entity.
Required permissions
AccessControl.RoleView, AccessControl.PropertyView, AccessControl.PropertyValueView, AccessControl.PropertyAllowedValueView
Example URI
- extId (string, required) - ExtID of the role. Example: 232
200
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyValue1",
"propertyKey2": "propertyValue2"
}
Update role properties
PATCH /roles/{extId}/properties
Updates the properties of the role with the given external ID. The body must contain an object of key-value property pairs.
Required permissions
AccessControl.PropertyView, AccessControl.PropertyValueView, AccessControl.PropertyAllowedValueView, AccessControl.PropertyValueCreate, AccessControl.PropertyValueModify, AccessControl.PropertyValueDelete
Example URI
- extId (string, required) - ExtID of the role. Example: 232
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyNewValue1",
"propertyKey3": "propertyNewValue3"
}
200
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyNewValue1",
"propertyKey2": "propertyValue2",
"propertyKey3": "propertyNewValue3"
}
Unit REST Service
Units represent the organizational structure of a client. A unit always belongs to exactly one client; it is not possible to change this client during the unit’s lifetime. A unit can have a parent unit (except for root units). User profiles assigned to a certain unit represent the people that belong to this unit in accordance with the corporate organization.
Unit external IDs are unique per client only. Therefore, you must always set the target client.
Note that retrieval of only the root units of a client is not supported yet. The planned solution is to implement the following filter: “GET /clients/{extId}/units/”.
Unit DTO
The unit DTO has the following fields:
- extId - The external ID of the unit (read-only string).
- parentUnitExtId - The external ID of the parent unit (read-only string).
- clientExtId - The external ID of the client the unit belongs to (read-only string).
- name - The name of the unit (string).
- hierarchicalName - The path from the root unit to the actual unit. The external IDs of the units are concatenated with the “/” character (read-only string).
- description - The textual description of the unit (string).
- location - Free textual description of the physical location of the unit. Different departments of a company can be in different locations (string).
- displayName - The language-dependent name of the unit (object).
  - EN - Unit name in English (string).
  - DE - Unit name in German (string).
  - FR - Unit name in French (string).
  - IT - Unit name in Italian (string).
- abbreviation - The short form of the unit’s name (object).
  - EN - Abbreviation in English (string).
  - DE - Abbreviation in German (string).
  - FR - Abbreviation in French (string).
  - IT - Abbreviation in Italian (string).
- profileless - Determines whether profile assignment is allowed (boolean).
- validity - The validity period of the unit entity (object).
  - from - The start date of the unit’s validity period in ISO format (string).
  - to - The end date of the unit’s validity period in ISO format (string).
- modificationComment - Textual comment regarding the last modification (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (read-only string).
Units
Create unit
POST /{clientExtId}/units/
Creates a new unit for the client with the given external ID.
Required permissions
AccessControl.UnitCreate, AccessControl.UnitCreateTopUnit (if no parent unit parentUnitExtId is provided)
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
Headers
Content-Type: application/json
Body
{
"extId": "1000",
"name": "MyUnit1",
"location": "something",
"description": "something",
"displayName": {
"EN": "MyUnit1",
"DE": "MyUnit1",
"FR": "MyUnit1",
"IT": "MyUnit1"
},
"abbreviation": {
"EN": "MU1",
"DE": "MU1",
"FR": "MU1",
"IT": "MU1"
},
"profileless": false,
"modificationComment": "blabla"
}
201
Headers
Location: https://your-host/nevisidm/api/core/v1/1000/units/1000
Unit
Get unit
GET /{clientExtId}/units/{extId}
Returns the unit with the given external ID, which belongs to the client with the given external ID.
Required permissions
AccessControl.UnitView
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- extId (string, required) - ExtID of the unit. Example: 1000
200
Headers
Content-Type: application/json
Body
{
"extId": "1000",
"parentUnitExtId": "2311",
"clientExtId": "1000",
"version": 10,
"hierarchicalName": "2023/2311/1000",
"name": "MyUnit1",
"location": "something",
"description": "something",
"displayName": {
"EN": "MyUnit1",
"DE": "MyUnit1",
"FR": "MyUnit1",
"IT": "MyUnit1"
},
"abbreviation": {
"EN": "MU1",
"DE": "MU1",
"FR": "MU1",
"IT": "MU1"
},
"profileless": false,
"modificationComment": "blabla",
"validity": {
"from": "2100-01-01T00:00:00Z",
"to": "2200-01-01T00:00:00Z"
},
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
}
Delete unit
DELETE /{clientExtId}/units/{extId}
Deletes the unit with the given external ID, which belongs to the client with the given external ID.
Required permissions
AccessControl.UnitDelete
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- extId (string, required) - ExtID of the unit. Example: 1000
204
Update unit
PATCH /{clientExtId}/units/{extId}
Updates the unit with the given external ID, belonging to the client with the given external ID.
Required permissions
AccessControl.UnitView, AccessControl.UnitModify
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- extId (string, required) - ExtID of the unit. Example: 1000
Headers
Content-Type: application/json
Body
{
"version": 1,
"name": "MyUnit1",
"location": "zurich",
"description": "something",
"displayName": {
"EN": "MyUnit1",
"DE": "MyUnit1",
"FR": "MyUnit1",
"IT": "MyUnit1"
},
"abbreviation": {
"EN": "MU1",
"DE": "MU1",
"FR": "MU1",
"IT": "MU1"
},
"profileless": false,
"modificationComment": "blabla"
}
200
If a unit exists with the given external ID, the response looks as follows:
Headers
Content-Type: application/json
Body
{
"extId": "1000",
"parentUnitExtId": "2311",
"clientExtId": "1000",
"version": 2,
"hierarchicalName": "2023/2311/1000",
"name": "MyUnit1",
"location": "zurich",
"description": "something",
"displayName": {
"EN": "MyUnit1",
"DE": "MyUnit1",
"FR": "MyUnit1",
"IT": "MyUnit1"
},
"abbreviation": {
"EN": "MU1",
"DE": "MU1",
"FR": "MU1",
"IT": "MU1"
},
"profileless": false,
"modificationComment": "blabla",
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
}
Child units (experimental)
Get children (experimental)
GET /{clientExtId}/units/{extId}/children
Returns all children of the unit with the given external ID.
Required permissions
AccessControl.UnitView
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- extId (string, required) - ExtID of the unit. Example: 1000
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extId": "1001",
"parentUnitExtId": "1000",
"clientExtId": "1000",
"version": 1,
"hierarchicalName": "2023/2311/1000/1001",
"name": "MyUnit01",
"location": "something",
"description": "something",
"displayName": {
"EN": "MyUnit01",
"DE": "MyUnit01",
"FR": "MyUnit01",
"IT": "MyUnit01"
},
"abbreviation": {
"EN": "MU01",
"DE": "MU01",
"FR": "MU01",
"IT": "MU01"
},
"profileless": true,
"modificationComment": "blabla",
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
},
{
"extId": "1002",
"parentUnitExtId": "1000",
"clientExtId": "1000",
"version": 1,
"hierarchicalName": "2023/2311/1000/1002",
"name": "MyUnit02",
"location": "something",
"description": "something",
"displayName": {
"EN": "MyUnit02",
"DE": "MyUnit02",
"FR": "MyUnit02",
"IT": "MyUnit02"
},
"abbreviation": {
"EN": "MU02",
"DE": "MU02",
"FR": "MU02",
"IT": "MU02"
},
"profileless": true,
"modificationComment": "blabla",
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
}
],
"_pagination": {
"continuationToken": "1524579740_1002",
"limit": 100
}
}
Child unit (experimental)
Assign child unit
PUT /{clientExtId}/units/{extId}/children/{childExtId}
Moves the child unit with the given external ID childExtId under the parent unit with the given external ID extId.
Required permissions
AccessControl.UnitModify
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- extId (string, required) - ExtID of the parent unit. Example: 1000
- childExtId (string, required) - ExtID of the child unit. Example: 1003
204
Unassign child unit
DELETE /{clientExtId}/units/{extId}/children/{childExtId}
Removes the child unit with the given external ID childExtId from the parent unit with the given external ID extId. This action makes the child unit a root unit.
Required permissions
AccessControl.UnitModify, AccessControl.UnitCreateTopUnit
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- extId (string, required) - ExtID of the parent unit. Example: 1000
- childExtId (string, required) - ExtID of the child unit. Example: 1003
204
Properties (experimental)
Get properties (experimental)
GET /{clientExtId}/units/{extId}/properties/
Returns all properties of the unit with the given external ID, as an object of key-value pairs. Properties are additional, customer-specific attributes of an entity.
Required permissions
AccessControl.UnitView, AccessControl.PropertyView, AccessControl.PropertyValueView, AccessControl.PropertyAllowedValueView
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- extId (string, required) - ExtID of the unit. Example: 1000
200
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyValue1",
"propertyKey2": "propertyValue2"
}
Update unit properties (experimental)
PATCH /{clientExtId}/units/{extId}/properties/
Updates the properties of the unit with the given external ID, belonging to the client with the given external ID. The body must contain an object of key-value property pairs.
Required permissions
AccessControl.PropertyView, AccessControl.PropertyValueView, AccessControl.PropertyAllowedValueView, AccessControl.PropertyValueCreate, AccessControl.PropertyValueDelete, AccessControl.PropertyValueModify
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- extId (string, required) - ExtID of the unit. Example: 1000
Headers
Content-Type: application/json
Body
{
"propertyKey1": "",
"propertyKey3": "propertyNewValue3"
}
200
Headers
Content-Type: application/json
Body
{
"propertyKey2": "propertyValue2",
"propertyKey3": "propertyNewValue3"
}
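The property PATCH examples on this page (profile, role and unit) show merge behaviour: keys in the body are added or overwritten, keys left out are kept, and in the unit example a key sent with an empty string disappears from the response. The following added example (not nevisIDM code) previews a PATCH before it is sent and checks the response afterwards; the delete-on-empty-string rule, string-only values, and the pairing of each kind of change with one PropertyValue permission are assumptions drawn from those examples, and the function names are hypothetical.

```python
import json

# Permission names come from the "Required permissions" lists on this page.
# Pairing each kind of change with exactly one of them is this example's assumption.
PERMISSION_FOR = {
    "create": "AccessControl.PropertyValueCreate",
    "modify": "AccessControl.PropertyValueModify",
    "delete": "AccessControl.PropertyValueDelete",
}


def preview_property_patch(current, patch):
    """Predict the effect of a properties PATCH without sending it.

    Semantics inferred from the request/response examples on this page:
      * a key in the patch with a non-empty value is added or overwritten,
      * a key in the patch with "" is removed,
      * a key absent from the patch is left untouched.
    Returns (expected_properties, changes); `current` is not modified.
    """
    if not isinstance(patch, dict):
        raise TypeError("patch body must be a JSON object of key-value pairs")

    expected = dict(current)
    changes = {"create": [], "modify": [], "delete": [], "noop": []}

    for key, value in patch.items():
        if not isinstance(key, str) or not key:
            raise ValueError("property keys must be non-empty strings")
        if not isinstance(value, str):
            # Assumption: the page only ever shows string values.
            raise ValueError(f"value of {key!r} must be a string")
        if value == "":
            if key in expected:
                del expected[key]
                changes["delete"].append(key)
            else:
                changes["noop"].append(key)  # deleting a key that is not set
        elif key not in expected:
            expected[key] = value
            changes["create"].append(key)
        elif expected[key] != value:
            expected[key] = value
            changes["modify"].append(key)
        else:
            changes["noop"].append(key)  # same value as before

    for keys in changes.values():
        keys.sort()
    return expected, changes


def permissions_needed(changes):
    """PropertyValue* permissions this particular patch would exercise."""
    return sorted(
        PERMISSION_FOR[kind]
        for kind in ("create", "modify", "delete")
        if changes[kind]
    )


def verify_response(expected, response_body):
    """Compare the 200 response body with the preview; return discrepancies."""
    actual = json.loads(response_body)
    if not isinstance(actual, dict):
        return ["response body is not a JSON object"]
    problems = []
    for key in sorted(set(expected) | set(actual)):
        if expected.get(key) != actual.get(key):
            problems.append(
                f"{key}: expected {expected.get(key)!r}, got {actual.get(key)!r}"
            )
    return problems


if __name__ == "__main__":
    # Constructed input: the GET and PATCH bodies of the unit properties example.
    before = {"propertyKey1": "propertyValue1", "propertyKey2": "propertyValue2"}
    body = {"propertyKey1": "", "propertyKey3": "propertyNewValue3"}
    after, what = preview_property_patch(before, body)
    print(json.dumps(after, indent=2))
    print(what, permissions_needed(what))
```

Running the preview in a change-review step makes an unintended deletion or overwrite visible before the call is made, and `verify_response` flags a server result that differs from what was approved.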
Enterprise Role REST Service
An enterprise role defines a specific set of roles, for example, for people with the same business function. It can be assigned to multiple users’ profiles. This way, all users with the same enterprise role have the same included roles. Adding a role to or removing a role from a particular enterprise role will affect all assigned users - which can be hundreds of thousands of users in some cases. Therefore, use this service carefully.
Creating an enterprise role does not provide any additional access, because it is empty. Changing the enterprise role entity does not affect accessibility either.
You can only assign existing roles to an enterprise role, with PUT. If the role you want to assign does not exist yet, you must create it first through the Role REST Service. Roles can be unassigned with DELETE. Note that unassignment does not remove the role from the system.
Enterprise role external IDs are unique per client only, not globally. Therefore, you must always set the target client.
Enterprise role DTO
The enterprise role DTO has the following fields:
- extId - The external ID of the enterprise role (string).
- clientExtId - The external ID of the client to which the enterprise role belongs (string).
- name - The name of the enterprise role (string).
- description - The textual description of the enterprise role (string).
- displayName - The language-dependent name of the enterprise role (object).
  - EN - The enterprise role name in English (string).
  - DE - The enterprise role name in German (string).
  - FR - The enterprise role name in French (string).
  - IT - The enterprise role name in Italian (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (string).
- lastModified - The date when the entity was last modified (string).
Role DTO
The role DTO has the following fields:
- extId - The external ID of the role (read-only string).
- applicationExtId - The external ID of the application the role belongs to (string).
- applicationName - The name of the application the role belongs to (string).
- name - The name of the role (string).
- description - The textual description of the role (string).
- version - The version used for optimistic locking (number).
- created - The creation date of the entity (read-only string).
- lastModified - The date when the entity was last modified (string).
Enterprise roles
Create enterprise role
POST /{clientExtId}/eroles/
Creates a new enterprise role for the client with the given external ID.
Required permissions
AccessControl.EnterpriseRoleCreate
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
Headers
Content-Type: application/json
Body
{
"extId": "2345",
"name": "erole1",
"description": "erole1",
"displayName": {
"EN": "erole1",
"DE": "erole1",
"FR": "erole1",
"IT": "erole1"
}
}
201
Headers
Location: https://your-host/nevisidm/api/core/v1/eroles/2345
Enterprise role
Get enterprise role
GET /{clientExtId}/eroles/{eroleExtId}
Returns the enterprise role with the given external ID, belonging to the client with the given external ID.
Required permissions
AccessControl.EnterpriseRoleView
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- eroleExtId (string, required) - ExtID of the enterprise role. Example: 2345
200
Headers
Content-Type: application/json
Body
{
"extId": "2345",
"clientExtId": "1000",
"version": 1,
"name": "erole1",
"description": "erole1",
"displayName": {
"EN": "erole1",
"DE": "erole1",
"FR": "erole1",
"IT": "erole1"
},
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z"
}
Update enterprise role
PATCH /{clientExtId}/eroles/{eroleExtId}
Updates the enterprise role with the given external ID, belonging to the client with the given external ID.
Required permissions
AccessControl.EnterpriseRoleView, AccessControl.EnterpriseRoleModify
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- eroleExtId (string, required) - ExtID of the enterprise role. Example: 2345
Headers
Content-Type: application/json
Body
{
"version": 2,
"name": "erole1",
"description": "erole1",
"displayName": {
"EN": "erole1",
"DE": "erolle1",
"FR": "erole1",
"IT": "erole1"
}
}
200
Headers
Content-Type: application/json
Body
{
"extId": "2345",
"clientExtId": "1000",
"version": 3,
"name": "erole1",
"description": "erole1",
"displayName": {
"EN": "erole1",
"DE": "erolle1",
"FR": "erole1",
"IT": "erole1"
},
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z"
}
Delete enterprise role
DELETE /{clientExtId}/eroles/{eroleExtId}
Deletes the enterprise role with the given external ID, belonging to the client with the given external ID.
Required permissions
AccessControl.EnterpriseRoleDelete
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- eroleExtId (string, required) - ExtID of the enterprise role. Example: 2345
204
Enterprise role members
Get enterprise role members
GET /{clientExtId}/eroles/{eroleExtId}/roles
Returns all roles of the enterprise role with the given external ID.
Required permissions
AccessControl.RoleView, AccessControl.EnterpriseRoleView
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- eroleExtId (string, required) - ExtID of the enterprise role. Example: 2345
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extId": "8865",
"applicationExtId": "987",
"applicationName": "Confluence",
"version": 0,
"name": "role1",
"description": "role1",
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
},
{
"extId": "2300",
"applicationExtId": "987",
"applicationName": "Confluence",
"version": 0,
"name": "role2",
"description": "role2",
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
}
],
"_pagination": {
"continuationToken": "1524579619_2300",
"limit": 100
}
}
Enterprise role member
Assign role
PUT /{clientExtId}/eroles/{eroleExtId}/roles/{roleExtId}
Assigns the role with the given external ID to the enterprise role with the given external ID.
Required permissions
AccessControl.EnterpriseRoleMemberCreate
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- eroleExtId (string, required) - ExtID of the enterprise role. Example: 2345
- roleExtId (string, required) - ExtID of the role. Example: 2301
204
Unassign role
DELETE /{clientExtId}/eroles/{eroleExtId}/roles/{roleExtId}
Removes the role with the given external ID from the enterprise role with the given external ID.
Required permissions
AccessControl.EnterpriseRoleMemberDelete
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- eroleExtId (string, required) - ExtID of the enterprise role. Example: 2345
- roleExtId (string, required) - ExtID of the role. Example: 2301
204
Enterprise role properties
Get properties
GET /{clientExtId}/eroles/{eroleExtId}/properties/
Returns all properties of the enterprise role with the given external ID, as an object of key-value pairs. Properties are additional, customer-specific attributes of an entity.
Required permissions
AccessControl.EnterpriseRoleView, AccessControl.PropertyView, AccessControl.PropertyValueView, AccessControl.PropertyAllowedValueView
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- eroleExtId (string, required) - ExtID of the enterprise role. Example: 2345
200
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyValue1",
"propertyKey2": "propertyValue2"
}
Update properties
PATCH /{clientExtId}/eroles/{eroleExtId}/properties/
Updates the properties of the enterprise role with the given external ID. The body must contain an object of key-value property pairs.
Required permissions
AccessControl.EnterpriseRoleView, AccessControl.EnterpriseRoleModify, AccessControl.PropertyView, AccessControl.PropertyValueView, AccessControl.PropertyAllowedValueView, AccessControl.PropertyValueCreate, AccessControl.PropertyValueModify, AccessControl.PropertyValueDelete
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- eroleExtId (string, required) - ExtID of the enterprise role. Example: 2345
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyNewValue1",
"propertyKey3": "propertyNewValue3"
}
200
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyNewValue1",
"propertyKey2": "propertyValue2",
"propertyKey3": "propertyNewValue3"
}
Policy REST Service (experimental)
Policies are used to adjust the behavior and/or configuration of specific entities or components in nevisIDM (see also “Policy” in the nevisIDM reference guide). Policies describe for example the format of a credential or how a credential should work.
When you change a policy, the change comes into effect immediately. However, it does not affect the stored credentials. For example, if you change the minimum password length in the password policy from four to six characters, it is still possible to use an existing five-character password. But when you want to modify this password, you must select a new password that meets the currently valid policy.
A policy change has an impact on almost all users. Therefore, use this service carefully.
Policy external IDs are unique per client only, not globally. Therefore, you must always set the target client.
Policy DTO
The policy DTO has the following fields:
- extId - The external ID of the policy (read-only string).
- clientExtId - The external ID of the client to which the policy belongs (read-only string).
- name - The name of the policy (string).
- description - The textual description of the policy (string).
- policyType - The type of policy (string).
- defaultPolicy - Determines whether the policy is default or not (boolean).
- parameters - Lists the policy parameters assigned to the policy configuration. The parameters are represented as name-value pairs (object).
- version - The version used for optimistic locking (number).
- created - The creation date of the entity (read-only string).
- lastModified - The date when the entity was last modified (read-only string).
Policies
Create policy
POST /{clientExtId}/policies/
Creates a new policy for the client with the given external ID.
Required permissions
AccessControl.PolicyConfigurationCreate
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
Headers
Content-Type: application/json
Body
{
"extId": "99990049",
"description": "PDF Email Policy",
"name": "TicketPolicyForPDFEmailSending",
"policyType": "TicketPolicy",
"defaultPolicy": true,
"version": 0,
"parameters": {
"param1": "value1",
"param2": "value2",
"paramN": "valueN"
}
}
201
Headers
Location: https://your-host/nevisidm/api/core/v1/1000/policies/99990049
Policy
Get policy
GET /{clientExtId}/policies/{extId}
Returns the policy with the given external ID, belonging to the client with the given external ID.
Required permissions
AccessControl.PolicyConfigurationView
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- extId (string, required) - ExtID of the policy. Example: 99990049
200
Headers
Content-Type: application/json
Body
{
"extId": "99990049",
"clientExtId": "1000",
"description": "PDF Email Policy",
"name": "TicketPolicyForPDFEmailSending",
"policyType": "TicketPolicy",
"defaultPolicy": true,
"version": 0,
"parameters": {
"param1": "value1",
"param2": "value2",
"paramN": "valueN"
},
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
}
Delete policy
DELETE /{clientExtId}/policies/{extId}
Deletes the policy with the given external ID, belonging to the client with the given external ID.
Required permissions
AccessControl.PolicyConfigurationDelete
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- extId (string, required) - ExtID of the policy. Example: 99990049
204
Update policy
PATCH /{clientExtId}/policies/{extId}
Updates the policy with the given external ID, belonging to the client with the given external ID.
Required permissions
AccessControl.PolicyConfigurationView, AccessControl.PolicyConfigurationModify
Example URI
- clientExtId (string, required) - ExtID of the client. Example: 1000
- extId (string, required) - ExtID of the policy. Example: 99990049
Headers
Content-Type: application/json
Body
{
"description": "PDF Email Policy",
"name": "TicketPolicyForPDFEmailSending",
"policyType": "TicketPolicy",
"defaultPolicy": true,
"version": 0,
"parameters": {
"param1": "value1",
"param2": "value2new",
"paramN": "valueN"
}
}
200
Headers
Content-Type: application/json
Body
{
"extId": "99990049",
"clientExtId": "1000",
"description": "PDF Email Policy",
"name": "TicketPolicyForPDFEmailSending",
"policyType": "TicketPolicy",
"defaultPolicy": true,
"version": 1,
"parameters": {
"param1": "value1",
"param2": "value2new",
"paramN": "valueN"
},
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z"
}
Password REST Service
The Password REST Service is the service for managing passwords. The service does not manage the password states: They have their own workflow.
Changing and deleting a user’s password can result in the loss of access to the system for the user. Creating and changing a password can also give a user additional access. Therefore, use this service carefully.
Note:
- Password values are not exposed through GET, but can be set via POST (upon creation).
- A password must always belong to a user. It cannot be reassigned to someone else.
Password external IDs are unique per client only, not globally. Therefore, you must always set the target client.
Password create DTO
The password create DTO has the following fields:
- extId - The external ID of the password credential (string).
- policyExtId - The external ID of the used password policy (string).
- stateName - The state of the credential (string).
- password - The value of the password credential. This field is never returned (string).
Password fragment DTO
The password fragment DTO represents the portion of the generated password that is returned to the caller. It has one field:
- passwordFragment - A part of the generated password (string).
Password change DTO
The password change DTO has the following fields:
- oldPassword - The old password. This field must be omitted when the caller changes the password of someone else (string).
- newPassword - The new password to be set (string).
Password DTO
The Password DTO has the following fields:
- extId - The external ID of the credential (string).
- userExtId - The external ID of the user to whom the credential belongs (string).
- policyExtId - The external ID of the used policy (string).
- resetCount - Number of times the credential was reset (number).
- stateName - The state of the credential (string).
- stateChangeReason - Reason for the last state change of the password (string).
- stateChangeDetail - Reason detail for the last state change of the password (string).
- lastSuccessfulLoginDate - Timestamp of last successful login (string).
- successfulLoginCount - Counts successful logins with this credential since last initialization or reset (password reset feature or administrator) (number).
- lastFailedLoginDate - Date of last non-technical login failure, e.g., wrong password (string).
- failedLoginCount - Counts non-technical login failures since the last successful login, initialization or reset (password reset feature or administrator) (number).
- modificationComment - Textual comment regarding the last modification (string).
- validity - Describes the validity period of the password (object).
  - from - Start date of the profile’s validity in ISO format (string).
  - to - End date of the profile’s validity in ISO format (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (read-only string).
- createdBy - The combination of the client name and login ID of the user who created the password (read-only string, not available in self admin).
- modifiedBy - The combination of the client name and login ID of the user who last modified the password (read-only string, not available in self admin).
- lastChangeDate - Date when the password was modified last time (read-only string, not available in self admin).
Password patch DTO
The password patch DTO has the following fields:
- stateName - The state of the credential (string).
- modificationComment - Textual comment regarding the last modification (string).
- version - Version used for optimistic locking (number).
Password
Create password
POST /{clientExtId}/users/{userExtId}/password
Creates a password for the user with the given external ID. No content is returned when the “Reset code” function is disabled in the given password policy (parameter resetCodeEnabled is set to false), or when the length of the returned part of the reset code is set to “0” (parameter resetCodeLen0). In all other cases, the response contains a part of the generated password in the field passwordFragment.
Required permissions
AccessControl.CredentialCreate, AccessControl.PolicyConfigurationView, AccessControl.CredentialChangeState (if the state of the password is provided, through the stateName field)
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
Headers
Content-Type: application/json
Body
{
"extId": "1001",
"policyExtId": "100",
"stateName": "active",
"password": "secretpassword"
}
204
Headers
Content-Type: application/json
201
Headers
Content-Type: application/json
Body
{
"passwordFragment": "A31S@ass"
}
Get Password
GET /{clientExtId}/users/{userExtId}/password
Gets the password credential of the user with the given external ID.
Required permissions
AccessControl.CredentialView
Technical fields limitation
The fields createdBy and modifiedBy hold the login ID that the user had at the time of creating or modifying the password. This login ID might differ from the user's current login ID.
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
200
Headers
Content-Type: application/json
Body
{
"extId": "2001",
"userExtID": "1234",
"policyExtId": "201",
"resetCount": 0,
"stateName": "active",
"stateChangeReason": "changed-by-user",
"lastSuccessfulLoginDate": "2018-10-26T11:27:24Z",
"successfulLoginCount": 250,
"lastFailedLoginDate": "2018-09-10T08:30:00Z",
"failedLoginCount": 10,
"created": "2017-08-17T00:00:00Z",
"lastModified": "2018-01-11T12:30:00Z",
"modificationComment": "string",
"validity": {
"from": "2017-08-17T00:00:00Z",
"to": "2018-12-31T00:00:00Z"
},
"version": 3,
"type": "PASSWORD",
"createdBy": "loginId",
"modifiedBy": "loginId",
"lastChangeDate": "2017-08-17T00:00:00Z"
}
Update Password
PATCH /{clientExtId}/users/{userExtId}/password
Updates the password credential of the user with the given external ID.
Required permissions
AccessControl.CredentialView, AccessControl.CredentialModify
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
Headers
Content-Type: application/json
Body
{
"stateName": "active",
"modificationComment": "modified",
"version": 0
}
200
Headers
Content-Type: application/json
Body
{
"extId": "2001",
"userExtID": "1234",
"policyExtId": "201",
"resetCount": 0,
"stateName": "active",
"stateChangeReason": "changed-by-user",
"lastSuccessfulLoginDate": "2018-10-26T11:27:24Z",
"successfulLoginCount": 250,
"lastFailedLoginDate": "2018-09-10T08:30:00Z",
"failedLoginCount": 10,
"created": "2017-08-17T00:00:00Z",
"lastModified": "2018-01-11T12:30:00Z",
"modificationComment": "modified",
"validity": {
"from": "2017-08-17T00:00:00Z",
"to": "2018-12-31T00:00:00Z"
},
"version": 0,
"type": "PASSWORD",
"createdBy": "loginId",
"modifiedBy": "loginId",
"lastChangeDate": "2017-08-17T00:00:00Z"
}
Delete Password
DELETE /{clientExtId}/users/{userExtId}/password
Deletes the password credential of the user with the given external ID.
Required permissions
AccessControl.CredentialDelete
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
204
Headers
Content-Type: application/json
Password Change
Change Password
POST /{clientExtId}/users/{userExtId}/password/change
Changes the password of the user with the given external ID. The oldPassword field in the request body is mandatory if a caller wants to change his own password. In case the caller wants to change the password of another user, the oldPassword field in the request body must be omitted.
Required permissions
AccessControl.CredentialModify, AccessControl.PolicyConfigurationView
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
Headers
Content-Type: application/json
Body
{
"oldPassword": "oldPassword",
"newPassword": "newSecretPassword"
}
204
Headers
Content-Type: application/json
Password Reset (experimental)
Reset Password
POST /{clientExtId}/users/{userExtId}/password/reset
Resets the password of the user with the given external ID. Depending on the password policy, the response either contains a part of the generated password in the field passwordFragment, or no content is returned.
Required permissions
AccessControl.CredentialModify
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
201
Headers
Content-Type: application/json
Body
{
"passwordFragment": "s2323dW"
}
204
Headers
Content-Type: application/json
FIDO REST Service
The FIDO REST Service is used to manage the FIDO UAF credentials.
FIDO UAF external IDs are unique per client only, not globally. Therefore, you must always set the target client.
Fido create DTO
The fido create DTO has the following fields:
- extId - The external ID (string).
- aaid - The authenticator attestation identifier (string).
- keyId - The key identifier of the authenticator registered key (string).
- authenticatorVersion - The version of the authenticator, as $major.$minor (string).
- publicKey - The user authentication public key generated by the FIDO Authenticator during the registration process (string).
- publicKeyAlgorithm - The public key algorithm used for the public key in the authenticator record (string).
- appId - The OS-specific ID of the application that uses the FIDO credential (string).
- deviceId - The device identifier obtained from a push service (string).
- stateName - The state of the credential (string).
Fido DTO
The fido DTO has the following fields:
- extId - The external ID of the credential (string).
- userExtId - The external ID of the user to whom the credential belongs (string).
- aaid - The authenticator attestation identifier (string).
- keyId - The key identifier of the authenticator registered key (string).
- signCounter - Indicates how many times this authenticator has performed signatures in the past.
- authenticatorVersion - The version of the authenticator, as $major.$minor (string).
- appId - The OS-specific ID of the application that uses the FIDO credential (string).
- deviceId - The device identifier obtained from a push service (string).
- type - The type of the credential (string).
- publicKey - The user authentication public key generated by the FIDO Authenticator during the registration process (string).
- publicKeyAlgorithm - The public key algorithm used for the public key in the authenticator record (string).
- stateName - The state of the credential (string).
- stateChangeReason - Reason for the last state change of the credential (string).
- stateChangeDetail - Reason detail for the last state change of the credential (string).
- lastSuccessfulLoginDate - Timestamp of last successful login (string).
- successfulLoginCount - Counts successful logins with this credential since last initialization or reset (number).
- lastFailedLoginDate - Date of last non-technical login failure (string).
- failedLoginCount - Counts non-technical login failures since the last successful login, initialization or reset (number).
- modificationComment - Textual comment regarding the last modification (string).
- validity - Describes the validity period of the credential (object).
  - from - Start date of the profile’s validity in ISO format (string).
  - to - End date of the profile’s validity in ISO format (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (read-only string).
Fido patch DTO
The fido patch DTO has the following fields:
- signCounter - Indicates how many times this authenticator has performed signatures in the past.
- appId - The OS-specific ID of the application that uses the FIDO credential (string).
- deviceId - The device identifier obtained from a push service (string).
- stateName - The state of the credential (string).
- modificationComment - Textual comment regarding the last modification (string).
- version - Version used for optimistic locking (number).
FIDO UAF Credentials
Create FIDO UAF
POST /{clientExtId}/users/{userExtId}/fido-authenticators
Creates a FIDO UAF credential for the user with the given external ID.
Required permissions
AccessControl.CredentialCreate, AccessControl.CredentialChangeState (if the state of the credential is provided, through the parameter stateName), AccessControl.CredentialView
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
Headers
Content-Type: application/json
Body
{
"extId": "fidoTestExtId",
"aaid": "46cb#de12",
"keyId": "Abhe2b3AHb_Ahb3hdabjHA-b5",
"authenticatorVersion": 2,
"publicKey": "key",
"publicKeyAlgorithm": "algorithm",
"appId": "abc",
"deviceId": "deviceId",
"stateName": "active"
}
201
Headers
Content-Type: application/json
Body
{
"extId": "fidoTestExtId",
"userExtId": "1234",
"aaid": "46cb#de12",
"keyId": "Abhe2b3AHb_Ahb3hdabjHA-b5",
"signCounter": 0,
"authenticatorVersion": 2,
"appId": "abc",
"deviceId": "deviceId",
"type": "FIDO UAF Authenticator",
"publicKey": "key",
"publicKeyAlgorithm": "algorithm",
"stateName": "active",
"created": "2018-07-21T19:03:49Z",
"lastModified": "2018-07-21T19:03:49Z",
"validity": {
"from": "2018-07-21T19:03:49Z",
"to": "2028-07-18T19:03:49Z"
},
"version": 1
}
Get user FIDO UAF credentials
GET /{clientExtId}/users/{userExtId}/fido-authenticators
Returns all the FIDO UAF credentials of the user with the given external ID.
Required permissions
AccessControl.CredentialView
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extId": "28000001",
"userExtId": "1234",
"aaid": "bbbb#aaaa",
"keyId": "keyIdx",
"signCounter": 1,
"authenticatorVersion": 9,
"appId": "appIdx",
"deviceId": "pushTokenx",
"type": "FIDO UAF Authenticator",
"publicKey": "{SSHA}MsVwg87xlhHa6UzlRFBzEnRcriEChDVXqpLDWXNe",
"publicKeyAlgorithm": "keyAlgo101",
"stateName": "initial",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "test detail",
"lastSuccessfulLoginDate": "2011-11-11T00:00:00Z",
"successfulLoginCount": 2,
"lastFailedLoginDate": "2004-04-04T00:00:00Z",
"failedLoginCount": 4,
"created": "2010-01-01T00:00:00Z",
"lastModified": "2013-08-17T00:00:00Z",
"validity": {
"from": "2012-08-17T00:00:00Z",
"to": "2030-01-01T00:00:00Z"
},
"version": 3
},
{
"extId": "28000000",
"userExtId": "1234",
"aaid": "bbbb#aaac",
"keyId": "keyIdy",
"signCounter": 1,
"authenticatorVersion": 8,
"appId": "appIdy",
"deviceId": "pushTokeny",
"type": "FIDO UAF Authenticator",
"publicKey": "{SSHA}MsVwg87xlhHa6UzlRFBzEnRcriEChDVXqpLDWXNe",
"publicKeyAlgorithm": "keyAlgo102",
"stateName": "initial",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "test detail",
"lastSuccessfulLoginDate": "2013-11-11T00:00:00Z",
"successfulLoginCount": 2,
"lastFailedLoginDate": "2004-04-04T00:00:00Z",
"failedLoginCount": 4,
"created": "2010-01-01T00:00:00Z",
"lastModified": "2013-08-17T00:00:00Z",
"validity": {
"from": "2013-08-17T00:00:00Z",
"to": "2030-01-01T00:00:00Z"
},
"version": 3
}
],
"_pagination": {
"continuationToken": "1376697600_28000000",
"limit": 1000
}
}
FIDO UAF Credentials
Get FIDO UAF
GET /{clientExtId}/users/{userExtId}/fido-authenticators/{extId}
Returns the FIDO UAF credential with the given external ID, belonging to the user with the given external ID.
Required permissions
AccessControl.CredentialView
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
- extId - ExtID of the credential (string, required). Example: 28000002
200
Headers
Content-Type: application/json
Body
{
"extId": "28000002",
"userExtId": "1234",
"aaid": "46cb#de12",
"keyId": "Abhe2b3AHb_Ahb3hdabjHA-b5",
"signCounter": 0,
"authenticatorVersion": 4,
"appId": "abc",
"deviceId": "deviceId",
"type": "FIDO UAF Authenticator",
"publicKey": "key",
"publicKeyAlgorithm": "algorithm",
"stateName": "active",
"created": "2018-07-21T19:03:49Z",
"lastModified": "2018-07-21T19:03:49Z",
"validity": {
"from": "2018-07-21T19:03:49Z",
"to": "2028-07-18T19:03:49Z"
},
"version": 1
}
Delete FIDO UAF
DELETE /{clientExtId}/users/{userExtId}/fido-authenticators/{extId}
Deletes the FIDO UAF credential with the given external ID, belonging to the user with the given external ID.
Required permissions
AccessControl.CredentialDelete
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
- extId - ExtID of the credential (string, required). Example: 28000002
204
Headers
Content-Type: application/json
Update FIDO UAF
PATCH /{clientExtId}/users/{userExtId}/fido-authenticators/{extId}
Updates the FIDO UAF credential with the given external ID, belonging to the user with the given external ID.
Required permissions
AccessControl.CredentialView, AccessControl.CredentialModify
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
- extId - ExtID of the credential (string, required). Example: 28000002
Headers
Content-Type: application/json
Body
{
"signCounter": 0,
"appId": "abc",
"deviceId": "deviceId",
"stateName": "active",
"modificationComment": "changed-by-admin",
"version": 2
}
200
Headers
Content-Type: application/json
Body
{
"extId": "28000002",
"userExtId": "1234",
"aaid": "46cb#de12",
"keyId": "Abhe2b3AHb_Ahb3hdabjHA-b5",
"signCounter": 0,
"authenticatorVersion": 4,
"appId": "abc",
"deviceId": "deviceId",
"type": "FIDO UAF Authenticator",
"publicKey": "key",
"publicKeyAlgorithm": "algorithm",
"stateName": "active",
"created": "2018-07-21T19:03:49Z",
"modificationComment": "changed-by-admin",
"lastModified": "2018-07-21T19:03:49Z",
"validity": {
"from": "2018-07-21T19:03:49Z",
"to": "2028-07-18T19:03:49Z"
},
"version": 2
}
Certificate REST Service
The Certificate REST Service is used to manage certificates. Note that changing and deleting a user’s certificate can result in the loss of access to the system for the user.
Certificate create DTO
The certificate create DTO has the following fields:
- extId - The external ID of the certificate credential (string).
- policyExtId - The external ID of the used policy (string).
- stateName - The state of the credential (string).
- certificate - The certificate value of the credential (string).
Certificate DTO
The certificate DTO has the following fields:
- extId - The external ID of the credential (string).
- userExtId - The external ID of the user to whom the credential belongs (string).
- policyExtId - The external ID of the used policy (string).
- subjectDN - DN of the subject (string).
- issuerDN - DN of the issuer (string).
- fingerprint - Fingerprint of the certificate in hexbyte-colon notation (string).
- serial - Serial number (string).
- subjectKeyIdentifier - The subject key identifier extension stored in the certificate credential (string).
- certificate - The certificate value of the credential (string).
- stateName - The state of the credential (string).
- stateChangeReason - Reason for the last state change of the credential (string).
- stateChangeDetail - Reason detail for the last state change of the credential (string).
- lastSuccessfulLoginDate - Timestamp of last successful login (string).
- successfulLoginCount - Counts successful logins with this credential since last initialization or reset (number).
- lastFailedLoginDate - Date of last non-technical login failure (string).
- failedLoginCount - Counts non-technical login failures since the last successful login, initialization or reset (number).
- modificationComment - Textual comment regarding the last modification (string).
- validity - Describes the validity period of the credential (object).
  - from - Start date of the profile’s validity in ISO format (string).
  - to - End date of the profile’s validity in ISO format (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (read-only string).
Certificate patch DTO
The certificate patch DTO has the following fields:
- certificate - The certificate value of the credential (string).
- stateName - The state of the credential (string).
- modificationComment - Textual comment regarding the last modification (string).
- version - Version used for optimistic locking (number).
Certificates
Create certificate
POST /{clientExtId}/users/{userExtId}/certificates
Creates a new certificate credential for the user with the given external ID.
Required permissions
AccessControl.CredentialCreate, AccessControl.PolicyConfigurationView, AccessControl.CredentialChangeState (if the state of the credential is provided, through the parameter stateName)
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
Headers
Content-Type: application/json
Body
{
"extId": "4254",
"policyExtId": "104",
"stateName": "active",
"certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"
}
201
Headers
Location: https://your-host/nevisidm/api/core/v1/1000/certificates/4254
Get all certificates
GET /{clientExtId}/users/{userExtId}/certificates
Returns all certificate credentials of the user with the given external ID.
Required permissions
AccessControl.CredentialView
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"created": "2018-08-07T00:00:00Z",
"lastModified": "2018-08-07T00:00:00Z",
"version": 1,
"extId": "39250002",
"userExtId": "1234",
"policyExtId": "100",
"subjectDN": "CN=www.getCertificateSUBJECT_DN.com",
"issuerDN": "CN=www.getCertificateISSUER_DN.com",
"fingerprint": "42:2D:4D:16:47:C5:FC:46:8F:1D:97:3E:DB:8B:4B:60:56:F1:D7:A7",
"serial": "12944643904094573006",
"subjectKeyIdentifier": "1178e0b26a1f4df8c706c51437157cce56f80316",
"certificate": "-----BEGIN CERTIFICATE-----\nMIID5TCCAs2g...aLpcd+Q=\n-----END CERTIFICATE-----",
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "changed to disabled",
"lastSuccessfulLoginDate": "2018-11-11T00:00:00Z",
"successfulLoginCount": 4,
"lastFailedLoginDate": "2018-09-04T00:00:00Z",
"failedLoginCount": 2,
"modificationComment": "Add certificate1",
"validity": {
"from": "2018-08-07T00:00:00Z",
"to": "2052-06-03T00:00:00Z"
},
"type": "CERTIFICATE"
},
{
"created": "2018-08-07T00:00:00Z",
"lastModified": "2018-08-07T00:00:00Z",
"version": 1,
"extId": "39250001",
"userExtId": "1234",
"policyExtId": "100",
"subjectDN": "EMAILADDRESS=rest@test.com, C=DJ, ST=_EMPTY_, OU=IT, O=Adnovum, CN=test.com",
"fingerprint": "D8:45:47:EC:B6:DE:57:7E:53:E8:96:42:EC:7D:E2:63:56:82:61:70",
"serial": "12575078455078482608",
"certificate": "-----BEGIN CERTIFICATE-----\nMIIDejCCAmI...U+vgySk7bDMQQmBjN\n-----END CERTIFICATE-----",
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "changed to disabled",
"lastSuccessfulLoginDate": "2018-12-11T00:00:00Z",
"successfulLoginCount": 5,
"lastFailedLoginDate": "2018-10-06T00:00:00Z",
"failedLoginCount": 2,
"modificationComment": "Add certificate2",
"validity": {
"from": "2018-08-07T00:00:00Z",
"to": "2052-06-03T00:00:00Z"
},
"type": "CERTIFICATE"
}
],
"_pagination": {
"continuationToken": "1533600000_39250001",
"limit": 1000
}
}
Certificate
Get certificate
GET /{clientExtId}/users/{userExtId}/certificates/{extId}
Returns the certificate credential with the given external ID.
Required permissions
AccessControl.CredentialView
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
- extId - ExtID of the certificate credential (string, required). Example: 28000033
200
Headers
Content-Type: application/json
Body
{
"created": "2018-08-07T00:00:00Z",
"lastModified": "2018-08-07T00:00:00Z",
"version": 1,
"extId": "28000033",
"userExtId": "1234",
"policyExtId": "100",
"subjectDN": "CN=www.getCertificateSUBJECT_DN.com",
"issuerDN": "CN=www.getCertificateISSUER_DN.com",
"fingerprint": "42:2D:4D:16:47:C5:FC:46:8F:1D:97:3E:DB:8B:4B:60:56:F1:D7:A7",
"serial": "12944643904094573006",
"subjectKeyIdentifier": "1178e0b26a1f4df8c706c51437157cce56f80316",
"type": "CERTIFICATE",
"certificate": "-----BEGIN CERTIFICATE-----\nMIID5TCCA....8aLpcd+Q=\n-----END CERTIFICATE-----",
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "changed to disabled",
"lastSuccessfulLoginDate": "2018-09-09T00:00:00Z",
"successfulLoginCount": 2,
"lastFailedLoginDate": "2018-10-12T00:00:00Z",
"failedLoginCount": 4,
"modificationComment": "Add certificate",
"validity": {
"from": "2018-08-07T00:00:00Z",
"to": "2052-06-03T00:00:00Z"
}
}
Update certificate
PATCH /{clientExtId}/users/{userExtId}/certificates/{extId}
Updates the certificate credential with the given external ID, belonging to the user with the given external ID.
Required permissions
AccessControl.CredentialModify, AccessControl.CredentialView
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
- extId - ExtID of the certificate credential (string, required). Example: 28000033
Headers
Content-Type: application/json
Body
{
"certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
"stateName": "active",
"modificationComment": "changed-by-admin",
"version": 5
}
200
Body
{
"created": "2018-08-07T00:00:00Z",
"lastModified": "2018-08-07T00:00:00Z",
"version": 5,
"extId": "39250002",
"userExtId": "1234",
"policyExtId": "100",
"subjectDN": "CN=www.getCertificateSUBJECT_DN.com",
"issuerDN": "CN=www.getCertificateISSUER_DN.com",
"fingerprint": "42:2D:4D:16:47:C5:FC:46:8F:1D:97:3E:DB:8B:4B:60:56:F1:D7:A7",
"serial": "12944643904094573006",
"subjectKeyIdentifier": "1178e0b26a1f4df8c706c51437157cce56f80316",
"certificate": "-----BEGIN CERTIFICATE-----\nMIID5TCCAs2g...aLpcd+Q=\n-----END CERTIFICATE-----",
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "changed to disabled",
"lastSuccessfulLoginDate": "2018-11-11T00:00:00Z",
"successfulLoginCount": 4,
"lastFailedLoginDate": "2018-09-04T00:00:00Z",
"failedLoginCount": 2,
"modificationComment": "changed-by-admin",
"validity": {
"from": "2018-08-07T00:00:00Z",
"to": "2052-06-03T00:00:00Z"
},
"type": "CERTIFICATE"
}
Delete certificate
DELETE /{clientExtId}/users/{userExtId}/certificates/{extId}
Deletes the certificate credential with the given external ID.
Required permissions
AccessControl.CredentialDelete
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
- extId - ExtID of the certificate credential (string, required). Example: 28000033
204
Headers
Content-Type: application/json
Certificate properties
Get properties
GET /{clientExtId}/users/{userExtId}/certificates/{extId}/properties/
Returns all properties of the certificate credential with the given external ID, as an object of key-value pairs. Properties are additional, customer-specific attributes of an entity.
Required permissions
AccessControl.CredentialView, AccessControl.PropertyView, AccessControl.PropertyValueView, AccessControl.PropertyAllowedValueView
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
- extId - ExtID of the certificate credential (string, required). Example: 28000033
200
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyValue1",
"propertyKey2": "propertyValue2"
}
Update certificate properties
PATCH /{clientExtId}/users/{userExtId}/certificates/{extId}/properties/
Updates the properties of the certificate with the given external ID, belonging to the user and client with given external IDs. The body must contain an object of key-value property pairs.
Required permissions
AccessControl.CredentialView, AccessControl.CredentialModify, AccessControl.PropertyView, AccessControl.PropertyValueView, AccessControl.PropertyAllowedValueView, AccessControl.PropertyValueCreate, AccessControl.PropertyValueModify, AccessControl.PropertyValueDelete
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
- extId - ExtID of the certificate credential (string, required). Example: 28000033
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyNewValue1",
"propertyKey3": "propertyNewValue3"
}
200
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyNewValue1",
"propertyKey2": "propertyValue2",
"propertyKey3": "propertyNewValue3"
}
OATH REST Service
The OATH REST Service is used to manage OATH credentials. Note that deleting a user’s OATH credential can result in the loss of access to the system for the user.
OATH DTO
The OATH DTO has the following fields:
- extId - The external ID of the credential (string).
- userExtId - The external ID of the user to whom the credential belongs (string).
- policyExtId - The external ID of the used policy (string).
- uri - The generated QR code in URI format (string).
- issuer - The issuer indicates the provider or service the OATH credential is associated with (string).
- authenticationMethod - The authentication method to use (string).
- hashingAlgorithm - The hashing algorithm to use (string).
- digits - The length of the generated token (string).
- period - The time window (in seconds) during which a TOTP token is valid (number).
- counter - The counter for tokens. This is increased on each successful authentication (number).
- type - The type of the credential (string).
- secret - The secret that is required to initialize the mobile application (string).
- label - The label is a technical property which can be used to select an OATH credential (string).
- stateName - The state of the credential (string).
- stateChangeReason - Reason for the last state change of the credential (string).
- stateChangeDetail - Reason detail for the last state change of the credential (string).
- lastSuccessfulLoginDate - Timestamp of last successful login (string).
- successfulLoginCount - Counts successful logins with this credential since last initialization or reset (number).
- lastFailedLoginDate - Date of last non-technical login failure, e.g., wrong password (string).
- failedLoginCount - Counts non-technical login failures since the last successful login, initialization or reset (number).
- modificationComment - Textual comment regarding the last modification (string).
- validity - Describes the validity period of the credential (object).
  - from - Start date of the profile’s validity in ISO format (string).
  - to - End date of the profile’s validity in ISO format (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (read-only string).
OATH create DTO
The OATH create DTO has the following fields:
- extId - The external ID of the credential (string).
- policyExtId - The external ID of the used policy (string).
- label - The label of the OATH credential (string).
- stateName - The state of the credential (string).
OATH credentials
Get all OATH credentials of a user
GET /{clientExtId}/users/{userExtId}/oath-credentials/
Returns all OATH credentials of the user with the given external ID.
Required permissions
AccessControl.CredentialView
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extId": "4321",
"userExtID": "1234",
"policyExtId": "6789",
"issuer": "nevisIDM",
"authenticationMethod": "TOTP",
"hashingAlgorithm": "SHA1",
"digits": "6",
"period": 30,
"type": "OATH",
"label": "label",
"stateName": "active",
"stateChangeReason": "initialized",
"stateChangeDetail": "changed-by-admin",
"lastSuccessfulLoginDate": "2018-12-17T08:02:00Z",
"successfulLoginCount": 2,
"lastFailedLoginDate": "2017-10-02T08:15:00Z",
"failedLoginCount": 1,
"created": "2017-08-17T00:00:00Z",
"lastModified": "2018-04-21T10:26:00Z",
"modificationComment": "comment",
"validity": {
"from": "2017-08-17T00:00:00Z",
"to": "2027-08-17T00:00:00Z"
},
"version": 2
}
],
"_pagination": {
"continuationToken": "1524579740_4321",
"limit": 100
}
}
Create an OATH credential
POST /{clientExtId}/users/{userExtId}/oath-credentials/
Creates a new OATH credential for the user with the given external ID.
Required permissions
AccessControl.CredentialCreate, AccessControl.CredentialView, AccessControl.PolicyConfigurationView
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
Headers
Content-Type: application/json
Body
{
"extId": "4500",
"policyExtId": "6789",
"label": "label",
"stateName": "initial"
}
201
Headers
Content-Type: application/json
Body
{
"extId": "4500",
"userExtId": "1234",
"policyExtId": "6789",
"uri": "otpauth://totp/nevisIDM:userToCreateOrDeleteOath%40test.hu?secret=AIOT7KMBL7GCF5C7HM4X4WOWFZ2HCVJR&issuer=nevisIDM&algorithm=SHA1&digits=6&period=30",
"issuer": "nevisIDM",
"authenticationMethod": "TOTP",
"hashingAlgorithm": "SHA1",
"digits": "6",
"period": 30,
"counter": 0,
"type": "OATH",
"secret": "3/PzpeVIMuN7tUolwvpJoyZbUzhSlx0VhfBqJg8V12/3nJ7/JGUZLtU7cQXcfalp",
"label": "label",
"stateName": "initial",
"stateChangeReason": "initialized",
"created": "2018-10-15T16:02:03Z",
"lastModified": "2018-10-15T16:02:03Z",
"validity": {
"from": "2018-10-15T16:02:03Z",
"to": "2028-10-12T16:02:03Z"
},
"version": 1
}
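The create response above carries the enrollment data twice: as DTO fields and inside the otpauth URI, which also embeds the shared secret. The following Python sketch is an added example, not part of the nevisIDM documentation: it checks that both views agree, derives the expected TOTP code (RFC 6238), and strips the secret before logging. The sample response, its secret (the RFC 6238 test key) and all helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample shaped like the 201 response above. The base32 secret is
# the RFC 6238 test key ("12345678901234567890"), not a value from the page.
SAMPLE_CREATE_RESPONSE = {
    "extId": "4500",
    "userExtId": "1234",
    "policyExtId": "6789",
    "uri": ("otpauth://totp/nevisIDM:alice%40example.com"
            "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=nevisIDM"
            "&algorithm=SHA1&digits=6&period=30"),
    "issuer": "nevisIDM",
    "authenticationMethod": "TOTP",
    "hashingAlgorithm": "SHA1",
    "digits": "6",
    "period": 30,
    "stateName": "initial",
}

DIGESTS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def parse_otpauth_uri(uri):
    """Parse and validate an otpauth:// URI; raises ValueError on anything odd."""
    parsed = urlparse(uri)
    method = parsed.netloc.upper()
    if parsed.scheme != "otpauth" or method not in ("TOTP", "HOTP"):
        raise ValueError("not an otpauth TOTP/HOTP URI")
    query = parse_qs(parsed.query, strict_parsing=True)
    if any(len(values) != 1 for values in query.values()):
        raise ValueError("repeated query parameter")  # ambiguous enrollment data
    params = {name: values[0] for name, values in query.items()}
    if not params.get("secret"):
        raise ValueError("secret parameter missing")
    algorithm = params.get("algorithm", "SHA1").upper()
    digits = int(params.get("digits", "6"))
    period = int(params.get("period", "30"))
    if algorithm not in DIGESTS or digits not in (6, 7, 8) or period <= 0:
        raise ValueError("unsupported algorithm, digits or period")
    # The label is "issuer:account"; the issuer prefix is optional.
    label_issuer, _, account = unquote(parsed.path.lstrip("/")).rpartition(":")
    return {"method": method, "secret": params["secret"],
            "issuer": params.get("issuer", ""), "label_issuer": label_issuer,
            "account": account, "algorithm": algorithm,
            "digits": digits, "period": period}


def totp(secret_b32, unix_time, period=30, digits=6, algorithm="SHA1"):
    """RFC 6238 code for the given base32 secret at the given Unix time."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(key, counter, DIGESTS[algorithm]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def check_enrollment(dto):
    """List every disagreement between the DTO fields and the otpauth URI."""
    uri = parse_otpauth_uri(dto["uri"])
    expected = {
        "method": dto["authenticationMethod"].upper(),
        "issuer": dto["issuer"],
        "algorithm": dto["hashingAlgorithm"].upper(),
        "digits": int(dto["digits"]),
        "period": int(dto["period"]),
    }
    problems = [f"{name}: DTO={want!r} URI={uri[name]!r}"
                for name, want in expected.items() if uri[name] != want]
    if uri["label_issuer"] and uri["label_issuer"] != uri["issuer"]:
        problems.append("label issuer prefix differs from issuer parameter")
    return problems


def redact_for_log(dto):
    """Copy of the DTO without the secret field or the URI query string."""
    safe = {key: value for key, value in dto.items() if key != "secret"}
    if "uri" in safe:
        safe["uri"] = safe["uri"].split("?", 1)[0] + "?<redacted>"
    return safe


if __name__ == "__main__":
    print(check_enrollment(SAMPLE_CREATE_RESPONSE))
    print(redact_for_log(SAMPLE_CREATE_RESPONSE)["uri"])
```

Because the URI and the secret field are enough to generate valid codes, only the redacted copy belongs in application logs or tickets.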
OATH credential
Get the OATH credential
GET /{clientExtId}/users/{userExtId}/oath-credentials/{extId}
Returns the OATH credential with the given external ID, belonging to the user with the given external ID.
Required permissions
AccessControl.CredentialView
Example URI
- clientExtId - ExtID of the client (string, required). Example: 1000
- userExtId - ExtID of the user (string, required). Example: 1234
- extId - ExtID of the OATH credential (string, required). Example: 4321
200
Headers
Content-Type: application/json
Body
{
"extId": "4321",
"userExtId": "1234",
"policyExtId": "6789",
"issuer": "nevisIDM",
"authenticationMethod": "TOTP",
"hashingAlgorithm": "SHA1",
"digits": "6",
"period": 30,
"type": "OATH",
"label": "label",
"stateName": "active",
"stateChangeReason": "initialized",
"stateChangeDetail": "changed-by-admin",
"lastSuccessfulLoginDate": "2018-12-17T08:02:00Z",
"successfulLoginCount": 2,
"lastFailedLoginDate": "2017-10-02T08:15:00Z",
"failedLoginCount": 1,
"created": "2017-08-17T00:00:00Z",
"lastModified": "2018-04-21T10:26:00Z",
"modificationComment": "comment",
"validity": {
"from": "2017-08-17T00:00:00Z",
"to": "2027-08-17T00:00:00Z"
},
"version": 3
}
Delete OATH credential
DELETE /{clientExtId}/users/{userExtId}/oath-credentials/{extId}
Deletes the OATH credential with the given external ID.
Required permissions
AccessControl.CredentialDelete
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- userExtId - ExtID of the user (string, required; example: 1234).
- extId - ExtID of the OATH credential (string, required; example: 4321).
204
Headers
Content-Type: application/json
Context Password REST Service
Context Password DTO
The Context Password DTO has the following fields:
- extId - The external ID of the credential (string).
- userExtId - The external ID of the user to whom the credential belongs (string).
- policyExtId - The external ID of the used policy (string).
- resetCount - Number of times the credential was reset (number).
- stateName - The state of the credential (string).
- stateChangeReason - Reason for the last state change of the credential (string).
- stateChangeDetail - Reason detail for the last state change of the credential (string).
- lastSuccessfulLoginDate - Timestamp of last successful login (string).
- successfulLoginCount - Counts successful logins with this credential since last initialization or reset (password reset feature or administrator) (number).
- lastFailedLoginDate - Date of last non-technical login failure, e.g., wrong password (string).
- failedLoginCount - Counts non-technical login failures since the last successful login, initialization or reset (password reset feature or administrator) (number).
- modificationComment - Textual comment regarding the last modification (string).
- context - The value of the context field of context password credential (string).
- validity - Describes the validity period of the credential (object).
  - from - Start date of the profile’s validity in ISO format (string).
  - to - End date of the profile’s validity in ISO format (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (read-only string).
- createdBy - The combination of the client name and login ID of the user who created the context password (read-only string, not available in self admin).
- modifiedBy - The combination of the client name and login ID of the user who last modified the context password (read-only string, not available in self admin).
- lastChangeDate - Date when the context password was modified last time (read-only string, not available in self admin).
Context Password create DTO
The Context Password create DTO has the following fields:
- extId - The external ID of the credential (string).
- policyExtId - The external ID of the used policy (string).
- stateName - The state of the credential (string).
- password - The value of the context password credential. This field is never returned (string).
- context - The value of the context field of context password credential (string).
Context Password patch DTO
The context password patch DTO has the following fields:
- stateName - The state of the credential (string).
- modificationComment - Textual comment regarding the last modification (string).
- version - Version used for optimistic locking (number).
Context Password fragment DTO
The password fragment DTO represents the portion of the generated password that is returned to the caller. It has one field:
- passwordFragment - A part of the generated password (string).
Context Password change DTO
The password change DTO has the following fields:
- oldPassword - The old password. This field must be omitted when the caller changes the password of someone else (string).
- newPassword - The new password to be set (string).
Context Passwords
Create context password
POST /{clientExtId}/users/{userExtId}/context-passwords
Creates a context password for the given user. If resetCodeEnabled is set to false in the given context password policy, or resetCodeLen0 is set to 0, 201 is returned. Otherwise, 201 is returned with the passwordFragment.
Required permissions
AccessControl.CredentialCreate
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- userExtId - ExtID of the user (string, required; example: 27000029).
Headers
Content-Type: application/json
Body
{
"extId": "1001",
"policyExtId": "201",
"stateName": "active",
"password": "secretpassword",
"context": "context"
}
201
Headers
Content-Type: application/json
Body
{
"passwordFragment": "A31S@ass"
}
Get all context passwords
GET /{clientExtId}/users/{userExtId}/context-passwords
Returns all context password credentials of the user with the given external ID.
Required permissions
AccessControl.CredentialView
Technical fields limitation
The createdBy and modifiedBy fields hold the login ID the user had when creating or modifying the context password. This login ID might differ from the user's current login ID.
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- userExtId - ExtID of the user (string, required; example: 1234).
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"created": "2018-08-07T00:00:00Z",
"lastModified": "2018-08-08T00:00:00Z",
"version": 3,
"extId": "28000046",
"userExtId": "1234",
"policyExtId": "127",
"resetCount": 3,
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "testStateChangeDetail",
"lastSuccessfulLoginDate": "2018-12-11T08:15:00Z",
"successfulLoginCount": 3,
"lastFailedLoginDate": "2018-11-30T08:20:00Z",
"failedLoginCount": 3,
"modificationComment": "testModComment3",
"context": "restGetTestContext3",
"validity": {
"from": "2018-08-07T00:00:00Z",
"to": "2052-06-03T00:00:00Z"
},
"type": "CONTEXTPASSWORD",
"createdBy": "loginId",
"modifiedBy": "loginId",
"lastChangeDate": "2017-08-17T00:00:00Z"
},
{
"created": "2018-08-07T00:00:00Z",
"lastModified": "2018-08-08T00:00:00Z",
"version": 2,
"extId": "28000045",
"userExtId": "1234",
"policyExtId": "127",
"resetCount": 2,
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "testStateChangeDetail",
"lastSuccessfulLoginDate": "2018-12-11T08:15:00Z",
"successfulLoginCount": 2,
"lastFailedLoginDate": "2018-11-30T08:20:00Z",
"failedLoginCount": 2,
"modificationComment": "testModComment2",
"context": "restGetTestContext2",
"validity": {
"from": "2018-08-07T00:00:00Z",
"to": "2052-06-03T00:00:00Z"
},
"type": "CONTEXTPASSWORD",
"createdBy": "loginId",
"modifiedBy": "loginId",
"lastChangeDate": "2017-08-17T00:00:00Z"
},
{
"created": "2018-08-07T00:00:00Z",
"lastModified": "2018-08-08T00:00:00Z",
"version": 3,
"extId": "28000044",
"userExtId": "1234",
"policyExtId": "127",
"resetCount": 1,
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "testStateChangeDetail",
"lastSuccessfulLoginDate": "2018-12-11T08:15:00Z",
"successfulLoginCount": 1,
"lastFailedLoginDate": "2018-11-30T08:20:00Z",
"failedLoginCount": 1,
"modificationComment": "testModComment1",
"context": "restGetTestContext1",
"validity": {
"from": "2018-08-07T00:00:00Z",
"to": "2052-06-03T00:00:00Z"
},
"type": "CONTEXTPASSWORD",
"createdBy": "loginId",
"modifiedBy": "loginId",
"lastChangeDate": "2017-08-17T00:00:00Z"
}
],
"_pagination": {
"continuationToken": "1533600000_39250001",
"limit": 1000
}
}
Context Password
Get context password
GET /{clientExtId}/users/{userExtId}/context-passwords/{extId}
Gets the context password credential with the given external ID, belonging to the user with the given external ID.
Required permissions
AccessControl.CredentialView
Technical fields limitation
The createdBy and modifiedBy fields hold the login ID the user had when creating or modifying the context password. This login ID might differ from the user's current login ID.
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- userExtId - ExtID of the user (string, required; example: 1234).
- extId - ExtID of the context password credential (string, required; example: 27000029).
200
Headers
Content-Type: application/json
Body
{
"created": "2018-08-07T00:00:00Z",
"lastModified": "2018-08-08T00:00:00Z",
"version": 2,
"extId": "27000029",
"userExtId": "1234",
"policyExtId": "127",
"resetCount": 3,
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "testStateChangeDetail",
"lastSuccessfulLoginDate": "2018-12-11T08:15:00Z",
"successfulLoginCount": 4,
"lastFailedLoginDate": "2018-11-30T08:20:00Z",
"failedLoginCount": 2,
"modificationComment": "testModComment",
"context": "restGetTestContext",
"validity": {
"from": "2018-08-07T00:00:00Z",
"to": "2052-06-03T00:00:00Z"
},
"type": "CONTEXTPASSWORD",
"createdBy": "loginId",
"modifiedBy": "loginId",
"lastChangeDate": "2017-08-17T00:00:00Z"
}
Delete Context Password
DELETE /{clientExtId}/users/{userExtId}/context-passwords/{extId}
Deletes the context password credential of the user with the given external ID.
Required permissions
AccessControl.CredentialDelete
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- userExtId - ExtID of the user (string, required; example: 1234).
- extId - ExtID of the context password credential (string, required; example: 27000029).
204
Headers
Content-Type: application/json
Update context password
PATCH /{clientExtId}/users/{userExtId}/context-passwords/{extId}
Updates a context password for the given user. 204 (No content) is returned.
Required permissions
AccessControl.CredentialView, AccessControl.CredentialModify
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- userExtId - ExtID of the user (string, required; example: 27000029).
- extId - ExtID of the credential (string, required; example: 27000030).
Headers
Content-Type: application/json
Body
{
"stateName": "active",
"modificationComment": "no comment",
"version": 2
}
200
Headers
Content-Type: application/json
Body
{
"created": "2018-08-07T00:00:00Z",
"lastModified": "2018-08-08T00:00:00Z",
"version": 2,
"extId": "28000046",
"userExtId": "1234",
"policyExtId": "127",
"resetCount": 3,
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "testStateChangeDetail",
"lastSuccessfulLoginDate": "2018-12-11T08:15:00Z",
"successfulLoginCount": 3,
"lastFailedLoginDate": "2018-11-30T08:20:00Z",
"failedLoginCount": 3,
"modificationComment": "no comment",
"context": "restGetTestContext3",
"validity": {
"from": "2018-08-07T00:00:00Z",
"to": "2052-06-03T00:00:00Z"
},
"type": "CONTEXTPASSWORD",
"createdBy": "loginId",
"modifiedBy": "loginId",
"lastChangeDate": "2017-08-17T00:00:00Z"
}
Context Password Reset (experimental)
Reset Context Password
POST /{clientExtId}/users/{userExtId}/context-passwords/{extId}/reset
Resets the context password of the user with the given external ID. Depending on the password policy, the response either contains a part of the generated password in the field passwordFragment or no content is returned.
Required permissions
AccessControl.CredentialModify
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- userExtId - ExtID of the user (string, required; example: 1234).
- extId - ExtID of the credential (string, required; example: 27000030).
201
Headers
Content-Type: application/json
Body
{
"passwordFragment": "s2323dW"
}
204
Headers
Content-Type: application/json
Context Password Change
Change Context Password
POST /{clientExtId}/users/{userExtId}/context-passwords/{extId}/change
Changes the context password of the user with the given external ID. The oldPassword field in the request body is mandatory if the caller changes their own password. If the caller changes the password of another user, the oldPassword field in the request body must be omitted.
Required permissions
AccessControl.CredentialModify
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- userExtId - ExtID of the user (string, required; example: 1234).
- extId - ExtID of the context password credential (string, required; example: 5678).
Headers
Content-Type: application/json
Body
{
"oldPassword": "oldPassword",
"newPassword": "newSecretPassword"
}
204
Headers
Content-Type: application/json
Personal Question REST Service (experimental)
Personal Question DTO
The personal question DTO has the following fields:
- extId - The external ID of the personal question (string).
- clientExtId - The external ID of the client to which the personal question belongs (string).
- version - Version used for optimistic locking (number).
- description - The textual description of the personal question (string).
- stateName - The state of the credential (string).
- displayName - Language-dependent name of the personal question (object).
  - EN - Personal question name in English (string).
  - DE - Personal question name in German (string).
  - FR - Personal question name in French (string).
  - IT - Personal question name in Italian (string).
- content - Language-dependent content of the personal question (object).
  - EN - Content in English (string).
  - DE - Content in German (string).
  - FR - Content in French (string).
  - IT - Content in Italian (string).
Personal Question Patch DTO
The personal question patch DTO has the following fields:
- version - Version used for optimistic locking (number).
- description - The textual description of the personal question (string).
- stateName - The state of the credential (string).
- displayName - Language-dependent name of the personal question (object).
  - EN - Personal question name in English (string).
  - DE - Personal question name in German (string).
  - FR - Personal question name in French (string).
  - IT - Personal question name in Italian (string).
- content - Language-dependent content of the personal question (object).
  - EN - Content in English (string).
  - DE - Content in German (string).
  - FR - Content in French (string).
  - IT - Content in Italian (string).
Client personal questions
Get a personal question
GET /{clientExtId}/personal-questions/{extId}
Returns the personal question with the given external ID, belonging to the client with the given external ID.
Required permissions
AccessControl.PersonalQuestionView, AccessControl.CredentialView
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- extId - ExtID of the personal question (string, required; example: 2233).
200
Headers
Content-Type: application/json
Body
{
"extId": "2233",
"clientExtId": "1000",
"version": 1,
"description": "description",
"stateName": "active",
"displayName": {
"DE": "DE displayName",
"EN": "EN displayName",
"FR": "FR displayName",
"IT": "IT displayName"
},
"content": {
"DE": "DE content",
"EN": "EN content",
"FR": "FR content",
"IT": "IT content"
}
}
Delete a personal question
DELETE /{clientExtId}/personal-questions/{extId}
Deletes a personal question with the given external ID, belonging to the client with the given external ID.
Required permissions
AccessControl.PersonalQuestionDelete
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- extId - ExtID of the personal question (string, required; example: 2233).
204
Headers
Content-Type: application/json
Update a personal question
PATCH /{clientExtId}/personal-questions/{extId}
Updates the personal question with the given external ID, belonging to the client with the given external ID.
Required permissions
AccessControl.PersonalQuestionView, AccessControl.PersonalQuestionModify, AccessControl.CredentialView
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- extId - ExtID of the personal question (string, required; example: 2233).
Headers
Content-Type: application/json
Body
{
"version": 1,
"description": "description",
"stateName": "active",
"displayName": {
"DE": "DE displayName",
"EN": "EN displayName",
"FR": "FR displayName",
"IT": "IT displayName"
},
"content": {
"DE": "DE content",
"EN": "EN content",
"FR": "FR content",
"IT": "IT content"
}
}
200
Headers
Content-Type: application/json
Body
{
"extId": "2233",
"clientExtId": "1000",
"version": 1,
"description": "description",
"stateName": "active",
"displayName": {
"DE": "DE displayName",
"EN": "EN displayName",
"FR": "FR displayName",
"IT": "IT displayName"
},
"content": {
"DE": "DE content",
"EN": "EN content",
"FR": "FR content",
"IT": "IT content"
}
}
Generic Credential REST Service
The Generic Credential REST Service is used to manage generic credentials. Note that deleting a user’s generic credential can result in the loss of access to the system for the user.
Generic Credential DTO
The generic credential DTO has the following fields:
- extId - The external ID of the credential (string).
- userExtId - The external ID of the user to whom the credential belongs (string).
- policyExtId - The external ID of the used policy (string).
- type - The type of the credential (string).
- stateName - The state of the credential (string).
- stateChangeReason - Reason for the last state change of the credential (string).
- stateChangeDetail - Reason detail for the last state change of the credential (string).
- lastSuccessfulLoginDate - Timestamp of last successful login (string).
- successfulLoginCount - Counts successful logins with this credential since last initialization or reset (number).
- lastFailedLoginDate - Date of last non-technical login failure, e.g., wrong password (string).
- failedLoginCount - Counts non-technical login failures since the last successful login, initialization or reset (number).
- modificationComment - Textual comment regarding the last modification (string).
- validity - Describes the validity period of the credential (object).
  - from - Start date of the profile’s validity in ISO format (string).
  - to - End date of the profile’s validity in ISO format (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (read-only string).
Generic credential create DTO
The generic credential create DTO has the following fields:
- extId - The external ID of the credential (string).
- policyExtId - The external ID of the used policy (string).
- identification - The identification of the generic credential (string).
- stateName - The state of the credential (string).
Generic credential
Get Generic Credential
GET /{clientExtId}/users/{userExtId}/generic-credentials/{extId}
Returns the generic credential with the given external ID, belonging to the user with the given external ID.
Required permissions
AccessControl.CredentialView
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- userExtId - ExtID of the user (string, required; example: 1234).
- extId - ExtID of the generic credential (string, required; example: 1234).
200
Headers
Content-Type: application/json
Body
{
"extId": "4321",
"userExtId": "1234",
"policyExtId": "6789",
"identification": "someIdentification",
"label": "label",
"stateName": "active",
"stateChangeReason": "initialized",
"stateChangeDetail": "changed-by-admin",
"lastSuccessfulLoginDate": "2018-12-17T08:02:00Z",
"successfulLoginCount": 2,
"lastFailedLoginDate": "2017-10-02T08:15:00Z",
"failedLoginCount": 1,
"created": "2017-08-17T00:00:00Z",
"lastModified": "2018-04-21T10:26:00Z",
"modificationComment": "comment",
"validity": {
"from": "2017-08-17T00:00:00Z",
"to": "2027-08-17T00:00:00Z"
},
"version": 3
}
Update a generic credential
PATCH /{clientExtId}/users/{userExtId}/generic-credentials/{extId}
Updates a generic credential with the given external ID for the user with the given external ID.
Required permissions
AccessControl.CredentialModify
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- userExtId - ExtID of the user (string, required; example: 1234).
- extId - ExtID of the generic credential (string, required; example: 1234).
Headers
Content-Type: application/json
Body
{
"policyExtId": "6789",
"stateName": "initial",
"identification": "identification",
"modificationComment": "changed",
"version": 4
}
200
Body
{
"extId": "4321",
"userExtId": "1234",
"policyExtId": "6789",
"identification": "identification",
"label": "label",
"stateName": "active",
"stateChangeReason": "initialized",
"stateChangeDetail": "changed-by-admin",
"lastSuccessfulLoginDate": "2018-12-17T08:02:00Z",
"successfulLoginCount": 2,
"lastFailedLoginDate": "2017-10-02T08:15:00Z",
"failedLoginCount": 1,
"created": "2017-08-17T00:00:00Z",
"lastModified": "2018-04-21T10:26:00Z",
"modificationComment": "changed",
"validity": {
"from": "2017-08-17T00:00:00Z",
"to": "2027-08-17T00:00:00Z"
},
"version": 4
}
Delete Generic Credential
DELETE /{clientExtId}/users/{userExtId}/generic-credentials/{extId}
Deletes the generic credential of the user with the given external ID.
Required permissions
AccessControl.CredentialDelete
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- userExtId - ExtID of the user (string, required; example: 1234).
- extId - ExtID of the generic credential (string, required; example: 1234).
204
Headers
Content-Type: application/json
Generic credentials
Get all generic credentials
GET /{clientExtId}/users/{userExtId}/generic-credentials/
Returns all generic credentials of the user with the given external ID.
Required permissions
AccessControl.CredentialView
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- userExtId - ExtID of the user (string, required; example: 250002047).
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extId": "27000044",
"userExtId": "250002047",
"policyExtId": "24000037",
"identification": "someIdentification",
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "test detail",
"lastSuccessfulLoginDate": "2002-01-01T00:00:00Z",
"lastFailedLoginDate": "2002-01-01T00:00:00Z",
"successfulLoginCount": 1,
"failedLoginCount": 1,
"created": "2001-01-01T00:00:00Z",
"lastModified": "2002-01-01T00:00:00Z",
"modificationComment": "comment",
"validity": {
"from": "2001-01-01T00:00:00Z",
"to": "2029-01-01T00:00:00Z"
},
"version": 0
},
{
"extId": "27000043",
"userExtId": "250002047",
"policyExtId": "24000037",
"identification": "someIdentification",
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "test detail",
"lastSuccessfulLoginDate": "2002-01-01T00:00:00Z",
"lastFailedLoginDate": "2002-01-01T00:00:00Z",
"successfulLoginCount": 1,
"failedLoginCount": 1,
"created": "2001-01-01T00:00:00Z",
"lastModified": "2002-01-01T00:00:00Z",
"modificationComment": "comment",
"validity": {
"from": "2001-01-01T00:00:00Z",
"to": "2029-01-01T00:00:00Z"
},
"version": 0
},
{
"extId": "27000040",
"userExtId": "250002047",
"policyExtId": "24000037",
"identification": "someIdentification",
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "test detail",
"lastSuccessfulLoginDate": "2002-01-01T00:00:00Z",
"lastFailedLoginDate": "2002-01-01T00:00:00Z",
"successfulLoginCount": 1,
"failedLoginCount": 0,
"created": "2001-01-01T00:00:00Z",
"lastModified": "2002-01-01T00:00:00Z",
"modificationComment": "comment",
"validity": {
"from": "2001-01-01T00:00:00Z",
"to": "2029-01-01T00:00:00Z"
},
"version": 0
}
],
"_pagination": {
"continuationToken": "978303600000_27000040",
"limit": 1000
}
}
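Added example (not part of the nevisIDM documentation): a small audit over a credential list response, built on the stateName, validity, failedLoginCount and lastSuccessfulLoginDate fields of the generic credential DTO. The thresholds, finding names and sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the list response above (not real data).
SAMPLE_RESPONSE = {
    "items": [
        {"extId": "c-1", "stateName": "active", "failedLoginCount": 0,
         "lastSuccessfulLoginDate": "2024-05-30T08:00:00Z",
         "created": "2023-01-01T00:00:00Z",
         "validity": {"from": "2023-01-01T00:00:00Z", "to": "2033-01-01T00:00:00Z"}},
        {"extId": "c-2", "stateName": "active", "failedLoginCount": 7,
         "lastSuccessfulLoginDate": "2024-05-01T08:00:00Z",
         "lastFailedLoginDate": "2024-05-31T23:10:00Z",
         "created": "2023-01-01T00:00:00Z",
         "validity": {"from": "2023-01-01T00:00:00Z", "to": "2033-01-01T00:00:00Z"}},
        {"extId": "c-3", "stateName": "active", "failedLoginCount": 0,
         "lastSuccessfulLoginDate": "2023-12-20T08:00:00Z",
         "created": "2022-01-01T00:00:00Z",
         "validity": {"from": "2022-01-01T00:00:00Z", "to": "2024-01-01T00:00:00Z"}},
        {"extId": "c-4", "stateName": "active", "failedLoginCount": 0,
         "created": "2023-01-01T00:00:00Z",
         "validity": {"from": "2023-01-01T00:00:00Z", "to": "2033-01-01T00:00:00Z"}},
    ]
}


def _ts(value):
    """Parse the API's UTC timestamps, e.g. 2018-12-11T08:15:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_credentials(response, now_iso, max_failed=5, stale_days=90):
    """Return (extId, finding) pairs for active credentials that need review."""
    now = _ts(now_iso)
    findings = []
    for cred in response.get("items", []):
        if cred.get("stateName") != "active":
            continue
        ext_id = cred["extId"]
        validity = cred.get("validity", {})
        start, end = validity.get("from"), validity.get("to")
        # Still active although the validity window has not started or has ended.
        if (start and now < _ts(start)) or (end and now > _ts(end)):
            findings.append((ext_id, "active-outside-validity"))
        # failedLoginCount counts failures since the last successful login,
        # so a high value means an unbroken run of failed attempts.
        if cred.get("failedLoginCount", 0) >= max_failed:
            findings.append((ext_id, "repeated-failed-logins"))
        # Unused credentials: measure from the last success, else from creation.
        last_ok = cred.get("lastSuccessfulLoginDate")
        reference = _ts(last_ok) if last_ok else _ts(cred["created"])
        if now - reference > timedelta(days=stale_days):
            findings.append((ext_id, "stale" if last_ok else "never-used"))
    return findings


if __name__ == "__main__":
    for ext_id, finding in audit_credentials(SAMPLE_RESPONSE, "2024-06-01T00:00:00Z"):
        print(ext_id, finding)
```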
Create a generic credential
POST /{clientExtId}/users/{userExtId}/generic-credentials/
Creates a new generic credential for the user with the given external ID.
Required permissions
AccessControl.CredentialCreate, AccessControl.CredentialView, AccessControl.PolicyConfigurationView
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- userExtId - ExtID of the user (string, required; example: 250002047).
Headers
Content-Type: application/json
Body
{
"extId": "4500",
"policyExtId": "6789",
"identification": "someIdentification",
"stateName": "active"
}
201
Headers
Location: https://your-host/nevisidm/api/core/v1/1000/users/1001/generic-credentials/4500
Generic credential properties
Get properties
GET /{clientExtId}/users/{userExtId}/generic-credentials/{extId}/properties/
Returns all properties of the generic credential with the given external ID, as an object of key-value pairs. Properties are additional, customer-specific attributes of an entity.
Required permissions
AccessControl.CredentialView, AccessControl.PropertyView, AccessControl.PropertyValueView, AccessControl.PropertyAllowedValueView
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- userExtId - ExtID of the user (string, required; example: 1234).
- extId - ExtID of the generic credential (string, required; example: 28000033).
200
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyValue1",
"propertyKey2": "propertyValue2"
}
Update generic credential properties
PATCH /{clientExtId}/users/{userExtId}/generic-credentials/{extId}/properties/
Updates the properties of the generic credential with the given external ID, belonging to the user and client with given external IDs. The body must contain an object of key-value property pairs.
Required permissions
AccessControl.CredentialView, AccessControl.CredentialModify, AccessControl.PropertyView, AccessControl.PropertyValueView, AccessControl.PropertyAllowedValueView, AccessControl.PropertyValueCreate, AccessControl.PropertyValueModify, AccessControl.PropertyValueDelete
Example URI
- clientExtId - ExtID of the client (string, required; example: 1000).
- userExtId - ExtID of the user (string, required; example: 1234).
- extId - ExtID of the generic credential (string, required; example: 28000033).
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyNewValue1",
"propertyKey3": "propertyNewValue3"
}
200
Headers
Content-Type: application/json
Body
{
"propertyKey1": "propertyNewValue1",
"propertyKey2": "propertyValue2",
"propertyKey3": "propertyNewValue3"
}
Terms REST Service
These endpoints enable the caller
- to create and delete terms,
- to change the existing terms,
- to assign an application to, or unassign it from, a terms object.
A terms object can be associated with many applications.
Terms get DTO
The terms get DTO has the following fields:
- extId - The external id of the Terms object (string).
- name - The name of the Terms object (string).
- active - Determines whether the terms are active or not (boolean).
- silentAcceptance - Determines whether the terms are accepted silently or not (boolean).
- termsVersion - The version of the Terms (string).
- created - The creation date (Date).
- lastModified - The date of the last modification (Date).
- urls - Actual Terms and Conditions pages (string: string pairs).
- applicationExtIds - List of external ids of the applications for which the terms are assigned.
Terms create DTO
The terms create DTO has the following fields:
- extId - The external id of the Terms object (string).
- name - The name of the Terms object (string).
- active - Determines whether the terms are active or not (boolean).
- silentAcceptance - Determines whether the terms are accepted silently or not (boolean).
- termsVersion - The version of the Terms (string).
- urls - Actual Terms and Conditions pages (string).
Terms patch DTO
The terms patch DTO has the following fields:
- name - The name of the Terms (string).
- active - Determines whether the terms are active or not (boolean).
- termsVersion - The version of the Terms (string).
- version - The version used for optimistic locking (number).
- urls - Actual Terms and Conditions pages (string).
Terms
Create terms
POST /terms/
Creates a new terms object with the given external ID and name.
Required permissions
AccessControl.TermsCreate
Example URI
Headers
Content-Type: application/json
Body
{
"extId": "1001",
"name": "termsName",
"silentAcceptance": true,
"active": true,
"termsVersion": "termsVersion",
"urls": {
"de": "https://www.sampleUrl.terms",
"fr": "https://www.sampleUrl2.terms"
}
}
201
Headers
Location: https://your-host/nevisidm/api/core/v1/terms/1001
Get terms
GET /terms/
Returns a list of all terms objects in the system.
Required permissions
AccessControl.TermsView
Example URI
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"extId": "1001",
"name": "termsOne",
"silentAcceptance": true,
"active": true,
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z",
"termsVersion": "version",
"version": 1,
"urls": {
"de": "https://www.sampleUrl.terms"
},
"applicationExtIds": [
"10101",
"20202"
]
},
{
"extId": "1002",
"name": "termsTwo",
"silentAcceptance": true,
"active": true,
"created": "2018-04-24T16:22:20Z",
"lastModified": "2018-04-24T16:22:20Z",
"termsVersion": "version",
"version": 1,
"urls": {
"de": "https://www.sampleUrl.terms",
"fr": "https://www.sampleUrl2.terms"
},
"applicationExtIds": [
"11111",
"22222"
]
}
]
}
Terms
Get terms
GET /terms/{extId}
Returns the terms with the given external ID.
Required permissions
AccessControl.TermsView
Example URI
- extId - ExtID of the terms (string, required; example: 250000003).
200
Headers
Content-Type: application/json
Body
{
"extId": "1001",
"name": "termsName",
"silentAcceptance": true,
"active": true,
"termsVersion": "termsVersion",
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z",
"urls": {
"de": "https://www.sampleUrl.terms",
"it": "https://www.sampleUrl2.terms"
},
"applicationExtIds": [
"10101",
"20202"
]
}
Update terms
PATCH /terms/{extId}
Updates the terms with the given external ID.
Required permissions
AccessControl.TermsView, AccessControl.TermsModify
Example URI
- extId - ExtID of the terms (string, required; example: 250000003).
Headers
Content-Type: application/json
Body
{
"name": "termsName",
"silentAcceptance": true,
"active": true,
"termsVersion": "termsVersion",
"version": 1,
"urls": {
"de": "https://www.sampleUrl.terms",
"fr": "https://www.sampleUrl2.terms"
}
}
200
Headers
Content-Type: application/json
Body
{
"extId": "1001",
"name": "termsName",
"silentAcceptance": true,
"active": true,
"created": "2018-04-24T14:22:20Z",
"lastModified": "2018-04-24T14:22:20Z",
"termsVersion": "termsVersion",
"version": 1,
"urls": {
"es": "https://www.sampleUrl.terms",
"it": "https://www.sampleUrl2.terms"
},
"applicationExtIds": [
"11111",
"22222"
]
}
Delete terms
DELETE /terms/{extId}
Deletes the terms with the given external ID.
Required permissions
AccessControl.TermsDelete
Example URI
- extId - ExtID of the terms (string, required; example: 250000003).
204
Headers
Content-Type: application/json
Terms
Assigns an application to a terms
PUT /terms/{termsExtId}/applications/{applicationExtId}
Assigns an application with the given external ID to the terms with the given external ID.
Required permissions
AccessControl.TermsModify
Example URI
- termsExtId - ExtID of the terms (string, required; example: 250000003).
- applicationExtId - ExtId of the application (string, required; example: 26000001).
204
Headers
Content-Type: application/json
Unassign an application from a terms
DELETE /terms/{termsExtId}/applications/{applicationExtId}
Unassigns an application with the given external ID from the terms with the given external ID.
Required permissions
AccessControl.TermsView, AccessControl.TermsModify
Example URI
- termsExtId - ExtID of the terms (string, required; example: 250000003).
- applicationExtId - ExtId of the application (string, required; example: 26000001).
204
Headers
Content-Type: application/json
Kerberos REST Service (experimental)
The Kerberos REST Service is used to manage the Kerberos credentials.
Kerberos external IDs are unique per client only, not globally. Therefore, you must always set the target client.
Kerberos create DTO
The Kerberos create DTO has the following fields:
-
extId - The external ID of the Kerberos credential (string).
-
stateName - The state of the credential (string).
-
kerberosId - The identifier of the Kerberos credential (string).
Kerberos get DTO
The kerberos credential get DTO has the following fields:
-
extId - The external ID of the credential (string).
-
userExtId - The external ID of the user to whom the credential belongs(string).
-
kerberosId - The external ID used to map the user to the SAM account (string).
-
stateName - The state of the credential (string).
-
stateChangeReason - Reason for the last state change of the credential (string).
-
stateChangeDetail - Reason detail for the last state change of the credential (string).
-
lastSuccessfulLoginDate - Timestamp of last successful login (string).
-
successfulLoginCount - Counts successful logins with this credential since last initialization or reset (number).
-
lastFailedLoginDate - Date of last non-technical login failure (string).
-
failedLoginCount - Counts non-technical login failures since the last successful login, initialization or reset (number).
-
modificationComment - Textual comment regarding the last modification (string).
-
validity - Describes the validity period of the credential (object).
- from - Start date of the profile’s validity in ISO format (string).
- to - End date of the profile’s validity in ISO format (string).
-
version - Version used for optimistic locking (number).
-
created - Creation date of the entity (read-only string).
-
lastModified - Date when the entity was last modified (read-only string).
Kerberos patch DTO
The kerberos credential patch DTO has the following fields:
-
kerberosId - The external ID used to map the user to the SAM account (string).
-
stateName - The state of the credential (string).
-
modificationComment - Textual comment regarding the last modification (string).
-
version - Version used for optimistic locking (number).
Kerberos Credentials ¶
Create Kerberos
POST /{clientExtId}/users/{userExtId}/kerberos/
Creates a Kerberos credential for the user with the given external ID.
Required permissions
AccessControl.CredentialCreate
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- userExtId (string, required): ExtID of the user. Example: 1234
Headers
Content-Type: application/json
Body
{
"extId": "kerberosExtId",
"kerberosId": "someKerberosId",
"stateName": "active"
}
201
Headers
Location: https://your-host/nevisidm/api/core/v1/1000/users/1001/kerberos/kerberosExtId
Get all Kerberos Credentials
GET /{clientExtId}/users/{userExtId}/kerberos/
Returns all Kerberos credentials of the user with the given user external ID.
Required permissions
AccessControl.CredentialView
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- userExtId (string, required): ExtID of the user. Example: 1234
Headers
Content-Type: application/json
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"created": "2018-08-07T00:00:00Z",
"lastModified": "2018-08-07T00:00:00Z",
"version": 0,
"extId": "250002053",
"userExtId": "250002052",
"kerberosId": "user-login-ID-1@windows-domain",
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "changed to disabled",
"lastSuccessfulLoginDate": "2011-11-11T00:00:00Z",
"successfulLoginCount": 2,
"lastFailedLoginDate": "2004-04-04T00:00:00Z",
"failedLoginCount": 4,
"modificationComment": "Add kerberos credential 1",
"validity": {
"from": "2018-08-07T00:00:00Z",
"to": "2052-06-03T00:00:00Z"
}
},
{
"created": "2018-08-07T00:00:00Z",
"lastModified": "2018-08-07T00:00:00Z",
"version": 0,
"extId": "250002052",
"userExtId": "250002052",
"kerberosId": "user-login-ID-2@windows-domain",
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "changed to disabled",
"lastSuccessfulLoginDate": "2011-11-11T00:00:00Z",
"successfulLoginCount": 2,
"lastFailedLoginDate": "2004-04-04T00:00:00Z",
"failedLoginCount": 4,
"modificationComment": "Add kerberos credential 2",
"validity": {
"from": "2018-08-07T00:00:00Z",
"to": "2052-06-03T00:00:00Z"
}
}
],
"_pagination": {
"start": 0,
"limit": 1000
}
}
Kerberos credential
Get Kerberos Credential
GET /{clientExtId}/users/{userExtId}/kerberos/{extId}/
Returns the Kerberos credential with the given external ID, belonging to the user with the given external ID.
Required permissions
AccessControl.CredentialView
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- userExtId (string, required): ExtID of the user. Example: 1234
- extId (string, required): ExtID of the Kerberos credential. Example: 1234
Headers
Content-Type: application/json
200
Headers
Content-Type: application/json
Body
{
"created": "2018-08-07T00:00:00Z",
"lastModified": "2018-08-07T00:00:00Z",
"version": 0,
"extId": "250002053",
"userExtId": "250002052",
"kerberosId": "user-login-ID-1@windows-domain",
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "changed to disabled",
"lastSuccessfulLoginDate": "2011-11-11T00:00:00Z",
"successfulLoginCount": 2,
"lastFailedLoginDate": "2004-04-04T00:00:00Z",
"failedLoginCount": 4,
"modificationComment": "Add kerberos credential 1",
"validity": {
"from": "2018-08-07T00:00:00Z",
"to": "2052-06-03T00:00:00Z"
}
}
Delete Kerberos credential
DELETE /{clientExtId}/users/{userExtId}/kerberos/{extId}/
Deletes the Kerberos credential of the user with the given external ID.
Required permissions
AccessControl.CredentialDelete
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- userExtId (string, required): ExtID of the user. Example: 1234
- extId (string, required): ExtID of the Kerberos credential. Example: 1234
204
Headers
Content-Type: application/json
Update Kerberos credential
PATCH /{clientExtId}/users/{userExtId}/kerberos/{extId}/
Updates the Kerberos credential with the given external ID, belonging to the user with the given external ID.
Required permissions
AccessControl.CredentialModify, AccessControl.CredentialView
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- userExtId (string, required): ExtID of the user. Example: 1234
- extId (string, required): ExtID of the Kerberos credential. Example: 1234
Headers
Content-Type: application/json
Body
{
"kerberosId": "user-login-ID-1@windows-domain",
"stateName": "active",
"modificationComment": "Update kerberos comment",
"version": 4
}
200
Headers
Content-Type: application/json
Body
{
"created": "2018-08-07T00:00:00Z",
"lastModified": "2018-08-07T00:00:00Z",
"version": 4,
"extId": "250002053",
"userExtId": "250002052",
"kerberosId": "user-login-ID-1@windows-domain",
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "changed to disabled",
"lastSuccessfulLoginDate": "2011-11-11T00:00:00Z",
"successfulLoginCount": 2,
"lastFailedLoginDate": "2004-04-04T00:00:00Z",
"failedLoginCount": 4,
"modificationComment": "Update kerberos comment",
"validity": {
"from": "2018-08-07T00:00:00Z",
"to": "2052-06-03T00:00:00Z"
}
}
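The following Python example is added here and is not part of the nevisIDM documentation. It audits a "Get all Kerberos Credentials" response and, for each flagged credential, prepares the PATCH path (IDs percent-encoded) and a patch DTO that carries the version that was read. The sample data, the failed-login threshold, the `disabled` state name and the assumption that the version to send is the one last read are illustrative and not confirmed by this page.

```python
import json
from datetime import datetime, timezone
from urllib.parse import quote

# Fields the Kerberos patch DTO accepts, as listed on this page.
PATCH_FIELDS = {"kerberosId", "stateName", "modificationComment", "version"}

# Constructed sample, shaped like the "Get all Kerberos Credentials" response.
SAMPLE_LIST = json.loads("""
{"items": [
  {"extId": "k-1", "userExtId": "u/1", "version": 4, "stateName": "active",
   "failedLoginCount": 4, "validity": {"to": "2052-06-03T00:00:00Z"}},
  {"extId": "k-2", "userExtId": "u/1", "version": 1, "stateName": "active",
   "failedLoginCount": 0, "validity": {"to": "2020-01-01T00:00:00Z"}},
  {"extId": "k-3", "userExtId": "u/1", "version": 0, "stateName": "active",
   "failedLoginCount": 1, "validity": {"to": "2052-06-03T00:00:00Z"}}
 ], "_pagination": {"start": 0, "limit": 1000}}
""")


def parse_ts(value):
    """Parse the ISO timestamps used in the DTOs (e.g. 2018-08-07T00:00:00Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit(items, now, max_failed=3):
    """Return {extId: [reasons]} for active credentials that need review."""
    findings = {}
    for cred in items:
        if cred.get("stateName") != "active":
            continue
        reasons = []
        end = (cred.get("validity") or {}).get("to")
        if end and parse_ts(end) <= now:
            reasons.append("validity period has ended")
        if cred.get("failedLoginCount", 0) >= max_failed:
            reasons.append("failed logins since last success >= %d" % max_failed)
        if reasons:
            findings[cred["extId"]] = reasons
    return findings


def credential_path(client_ext_id, user_ext_id, ext_id):
    """Build the credential path with every ID percent-encoded ('/', '?', '#')."""
    enc = [quote(str(p), safe="") for p in (client_ext_id, user_ext_id, ext_id)]
    return "/%s/users/%s/kerberos/%s/" % tuple(enc)


def build_patch(get_dto, **changes):
    """Build a patch DTO from a get DTO: only patchable fields, plus the
    version that was read (assumed to be what optimistic locking compares)."""
    unknown = set(changes) - (PATCH_FIELDS - {"version"})
    if unknown:
        raise ValueError("not in the patch DTO: %s" % sorted(unknown))
    if "version" not in get_dto:
        raise ValueError("get DTO carries no version; re-read before patching")
    return dict(changes, version=get_dto["version"])


def plan(listing, client_ext_id, now):
    """Pair each flagged credential with the PATCH path and body to review."""
    by_id = {c["extId"]: c for c in listing["items"]}
    out = []
    for ext_id, reasons in sorted(audit(listing["items"], now).items()):
        cred = by_id[ext_id]
        body = build_patch(cred, stateName="disabled",  # assumed state name
                           modificationComment="audit: " + "; ".join(reasons))
        out.append((credential_path(client_ext_id, cred["userExtId"], ext_id), body))
    return out


if __name__ == "__main__":
    for path, body in plan(SAMPLE_LIST, "1000", datetime.now(timezone.utc)):
        print("PATCH", path, json.dumps(body))
```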
mTAN REST Service
The mTAN REST Service is used to manage the mTAN credentials.
mTAN external IDs are unique per client only, not globally. Therefore, you must always set the target client.
mTAN create DTO
The mTAN create DTO has the following fields:
- extId - The external ID of the mTAN credential (string).
- mobileNumber - The mobile number in E.164 format to associate with the mTAN credential (string).
- policyExtId - The external ID of the used policy (string).
mTAN get DTO
The mTAN credential get DTO has the following fields:
- extId - The external ID of the credential (string).
- userExtId - The external ID of the user to whom the credential belongs (string).
- policyExtId - The external ID of the used policy (string).
- stateName - The state of the credential (string).
- stateChangeReason - Reason for the last state change of the credential (string).
- stateChangeDetail - Reason detail for the last state change of the credential (string).
- lastSuccessfulLoginDate - Timestamp of last successful login (string).
- successfulLoginCount - Counts successful logins with this credential since last initialization or reset (number).
- lastFailedLoginDate - Date of last non-technical login failure (string).
- failedLoginCount - Counts non-technical login failures since the last successful login, initialization or reset (number).
- modificationComment - Textual comment regarding the last modification (string).
- mobileNumber - Mobile number of the mTAN credential
  - raw - Mobile number in raw format
  - e164 - Mobile number in E.164 format, omitted if raw cannot be parsed
- validity - Describes the validity period of the credential (object).
  - from - Start date of the profile’s validity in ISO format (string).
  - to - End date of the profile’s validity in ISO format (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (read-only string).
mTAN patch DTO
The mTAN credential patch DTO has the following fields:
- stateName - The state of the credential (string).
- modificationComment - Textual comment regarding the last modification (string).
- version - Version used for optimistic locking (number).
mTAN Credentials
Create mTAN
POST /{clientExtId}/users/{userExtId}/mtans/
Creates an mTAN credential for the user with the given external ID.
Required permissions
AccessControl.CredentialCreate
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- userExtId (string, required): ExtID of the user. Example: 1234
Headers
Content-Type: application/json
Body
{
"extId": "mTanExtId",
"mobileNumber": "+41442726111",
"policyExtId": "6789"
}
201
Headers
Location: https://your-host/nevisidm/api/core/v1/1000/users/1001/mtans/mTanExtId
Get all mTAN Credentials
GET /{clientExtId}/users/{userExtId}/mtans/
Returns all mTAN credentials of the user with the given user external ID.
Required permissions
AccessControl.CredentialView
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- userExtId (string, required): ExtID of the user. Example: 1234
Headers
Content-Type: application/json
200
Headers
Content-Type: application/json
Body
{
"items": [
{
"created": "2018-08-07T00:00:00Z",
"lastModified": "2018-08-07T00:00:00Z",
"version": 0,
"extId": "250002053",
"userExtId": "250002052",
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "changed to disabled",
"lastSuccessfulLoginDate": "2011-11-11T00:00:00Z",
"successfulLoginCount": 2,
"lastFailedLoginDate": "2004-04-04T00:00:00Z",
"failedLoginCount": 4,
"modificationComment": "Add mTAN credential 1",
"mobileNumber": {
"raw": "36201111111",
"e164": "+36201111111"
},
"validity": {
"from": "2018-08-07T00:00:00Z",
"to": "2052-06-03T00:00:00Z"
}
},
{
"created": "2018-08-07T00:00:00Z",
"lastModified": "2018-08-07T00:00:00Z",
"version": 0,
"extId": "250002052",
"userExtId": "250002052",
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "changed to disabled",
"lastSuccessfulLoginDate": "2011-11-11T00:00:00Z",
"successfulLoginCount": 2,
"lastFailedLoginDate": "2004-04-04T00:00:00Z",
"failedLoginCount": 4,
"modificationComment": "Add mTAN credential 2",
"mobileNumber": {
"raw": "36201111111",
"e164": "+36201111111"
},
"validity": {
"from": "2018-08-07T00:00:00Z",
"to": "2052-06-03T00:00:00Z"
}
}
],
"_pagination": {
"start": 0,
"limit": 1000
}
}
mTAN credential
Get mTAN Credential
GET /{clientExtId}/users/{userExtId}/mtans/{extId}/
Returns the mTAN credential with the given external ID, belonging to the user with the given external ID.
Required permissions
AccessControl.CredentialView
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- userExtId (string, required): ExtID of the user. Example: 1234
- extId (string, required): ExtID of the mTAN credential. Example: 1234
Headers
Content-Type: application/json
200
Headers
Content-Type: application/json
Body
{
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z",
"version": 0,
"extId": "232334",
"userExtId": "123234",
"policyExtId": "100",
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "changed to disabled",
"lastSuccessfulLoginDate": "2017-08-17T00:00:00Z",
"successfulLoginCount": 0,
"lastFailedLoginDate": "2017-08-17T00:00:00Z",
"failedLoginCount": 0,
"modificationComment": "comment",
"mobileNumber": {
"raw": "36201111111",
"e164": "+36201111111"
},
"validity": {
"from": "2017-08-17T00:00:00Z",
"to": "2017-08-17T00:00:00Z"
}
}
Update mTAN Credential
PATCH /{clientExtId}/users/{userExtId}/mtans/{extId}/
Updates the mTAN credential with the given external ID, belonging to the user with the given external ID.
Required permissions
AccessControl.CredentialModify, AccessControl.CredentialView
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- userExtId (string, required): ExtID of the user. Example: 1234
- extId (string, required): ExtID of the mTAN credential. Example: 1234
Headers
Content-Type: application/json
Body
{
"stateName": "active",
"modificationComment": "Update mTAN comment",
"version": 4
}
200
Headers
Content-Type: application/json
Body
{
"created": "2017-08-17T00:00:00Z",
"lastModified": "2017-08-17T00:00:00Z",
"version": 4,
"extId": "232334",
"userExtId": "123234",
"policyExtId": "100",
"stateName": "active",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "changed to active",
"lastSuccessfulLoginDate": "2017-08-17T00:00:00Z",
"successfulLoginCount": 0,
"lastFailedLoginDate": "2017-08-17T00:00:00Z",
"failedLoginCount": 0,
"modificationComment": "Update mTAN comment",
"mobileNumber": {
"raw": "36201111111",
"e164": "+36201111111"
},
"validity": {
"from": "2017-08-17T00:00:00Z",
"to": "2017-08-17T00:00:00Z"
}
}
Delete mTAN Credential
DELETE /{clientExtId}/users/{userExtId}/mtans/{extId}/
Deletes the mTAN credential with the given external ID, belonging to the user with the given user external ID.
Required permissions
AccessControl.CredentialDelete
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- userExtId (string, required): ExtID of the user. Example: 1234
- extId (string, required): ExtID of the mTAN credential. Example: 1234
204
Headers
Content-Type: application/json
SecurID REST Service
The SecurID REST Service is used to manage the SecurID credentials.
SecurID external IDs are unique per client only, not globally. Therefore, you must always set the target client.
SecurID create DTO
The SecurID create DTO has the following fields:
- extId - The external ID of the SecurID credential (string).
- username - The SecurID user name (string).
- stateName - The state of the credential (string).
SecurID get DTO
The SecurID get DTO has the following fields:
- created - Creation time of the SecurID (read-only string).
- lastModified - Last modification time of the SecurID (read-only string).
- version - Version used for optimistic locking (number).
- extId - The external ID of the credential (string).
- userExtId - The external ID of the user (string).
- stateName - The state of the credential (string).
- username - The SecurID username (string).
- stateChangeReason - The reason for the last change (string).
- stateChangeDetail - The details of the last change (string).
- lastSuccessfulLoginDate - The time of the last successful login (read-only string).
- successfulLoginCount - The count of the successful login attempts (number).
- lastFailedLoginDate - The time of the last failed login (read-only string).
- failedLoginCount - The count of the failed login attempts (number).
- modificationComment - The comment provided for the modification (string).
- validity - Describes the validity period of the credential (object).
  - from - Start date of the profile’s validity in ISO format (string).
  - to - End date of the profile’s validity in ISO format (string).
SecurID Credential
Create SecurID
POST /{clientExtId}/users/{userExtId}/securid/
Creates a SecurID credential for the user with the given external ID.
Required permissions
AccessControl.CredentialCreate
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- userExtId (string, required): ExtID of the user. Example: 1234
Headers
Content-Type: application/json
Body
{
"extId": "securIdExtId",
"username": "securid_username",
"stateName": "active"
}
201
Headers
Location: https://your-host/nevisidm/api/core/v1/1000/users/1001/securids/securIdExtId
Get SecurID Credential
GET /{clientExtId}/users/{userExtId}/securid/
Returns the SecurID credential belonging to the user with the given external ID.
Required permissions
AccessControl.CredentialView
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- userExtId (string, required): ExtID of the user. Example: 1234
Headers
Content-Type: application/json
200
Headers
Content-Type: application/json
Body
{
"created": "2018-08-07T00:00:00Z",
"lastModified": "2018-08-07T00:00:00Z",
"version": 0,
"extId": "39250002",
"userExtId": "2345",
"stateName": "active",
"username": "securid_username",
"stateChangeReason": "changed-by-admin",
"stateChangeDetail": "changed to disabled",
"lastSuccessfulLoginDate": "2011-11-11T00:00:00Z",
"successfulLoginCount": 2,
"lastFailedLoginDate": "2004-04-04T00:00:00Z",
"failedLoginCount": 4,
"modificationComment": "Add",
"validity": {
"from": "2018-08-07T00:00:00Z",
"to": "2052-06-03T00:00:00Z"
}
}
Delete SecurID Credential (experimental)
DELETE /{clientExtId}/users/{userExtId}/securid/
Deletes the SecurID credential associated with the user with the given external ID.
Required permissions
AccessControl.CredentialDelete
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- userExtId (string, required): ExtID of the user. Example: 1234
204
Headers
Content-Type: application/json
Safeword REST Service (experimental)
The Safeword REST Service is used to manage the Safeword credentials.
Safeword external IDs are unique per client only, not globally. Therefore, you must always set the target client.
Safeword create DTO
The Safeword create DTO has the following fields:
- extId - The external ID of the Safeword credential (string).
- stateName - The state of the credential (string).
- username - The username of the Safeword credential (string).
Safeword get DTO
The Safeword credential get DTO has the following fields:
- extId - The external ID of the credential (string).
- userExtId - The external ID of the user to whom the credential belongs (string).
- username - The content of the Safeword credential (string).
- stateName - The state of the credential (string).
- stateChangeReason - Reason for the last state change of the credential (string).
- stateChangeDetail - Reason detail for the last state change of the credential (string).
- lastSuccessfulLoginDate - Timestamp of last successful login (string).
- successfulLoginCount - Counts successful logins with this credential since last initialization or reset (number).
- lastFailedLoginDate - Date of last non-technical login failure (string).
- failedLoginCount - Counts non-technical login failures since the last successful login, initialization or reset (number).
- modificationComment - Textual comment regarding the last modification (string).
- validity - Describes the validity period of the credential (object).
  - from - Start date of the profile’s validity in ISO format (string).
  - to - End date of the profile’s validity in ISO format (string).
- version - Version used for optimistic locking (number).
- created - Creation date of the entity (read-only string).
- lastModified - Date when the entity was last modified (read-only string).
Safeword patch DTO
The Safeword patch DTO has the following fields:
- username - The username of the Safeword credential (string).
- stateName - The state of the credential (string).
- modificationComment - Textual comment regarding the last modification (string).
- version - Version used for optimistic locking (number).
Safeword Credential
Create Safeword
POST /{clientExtId}/users/{userExtId}/safeword/
Creates a Safeword credential for the user with the given external ID.
Required permissions
AccessControl.CredentialCreate
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- userExtId (string, required): ExtID of the user. Example: 1234
Headers
Content-Type: application/json
Body
{
"extId": "safewordExtId",
"username": "username",
"stateName": "active"
}
201
Headers
Location: https://your-host/nevisidm/api/core/v1/1000/users/1001/safewords/safewordExtId
Delete Safeword credential
DELETE /{clientExtId}/users/{userExtId}/safeword/
Deletes the Safeword credential of the user specified by userExtId.
Required permissions
AccessControl.CredentialModify, AccessControl.CredentialView
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- userExtId (string, required): ExtID of the user. Example: 1234
204
Headers
Content-Type: application/json
Getting a Safeword credential
GET /{clientExtId}/users/{userExtId}/safeword/
Returns the Safeword credential with the given external ID, belonging to the user with the given external ID.
Required permissions
AccessControl.CredentialView
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- userExtId (string, required): ExtID of the user. Example: 1234
Headers
Content-Type: application/json
200
Headers
Content-Type: application/json
Body
{
"extId": "4321",
"userExtId": "1234",
"username": "safeword username",
"stateName": "active",
"stateChangeReason": "initialized",
"stateChangeDetail": "changed-by-admin",
"lastSuccessfulLoginDate": "2018-12-17T08:02:00Z",
"successfulLoginCount": 2,
"lastFailedLoginDate": "2017-10-02T08:15:00Z",
"failedLoginCount": 1,
"created": "2017-08-17T00:00:00Z",
"lastModified": "2018-04-21T10:26:00Z",
"modificationComment": "comment",
"validity": {
"from": "2017-08-17T00:00:00Z",
"to": "2027-08-17T00:00:00Z"
},
"version": 3
}
Update Safeword Credential
PATCH /{clientExtId}/users/{userExtId}/safeword/
Updates the Safeword credential with the given external ID, belonging to the user with the given external ID.
Required permissions
AccessControl.CredentialModify, AccessControl.CredentialView
Example URI
- clientExtId (string, required): ExtID of the client. Example: 1000
- userExtId (string, required): ExtID of the user. Example: 1234
Headers
Content-Type: application/json
Body
{
"username": "safeword-patch-01",
"stateName": "active",
"modificationComment": "safeword-patch-01 comment",
"version": 5
}
200
Headers
Content-Type: application/json
Body
{
"extId": "4321",
"userExtId": "1234",
"username": "safeword username",
"stateName": "active",
"stateChangeReason": "initialized",
"stateChangeDetail": "changed-by-admin",
"lastSuccessfulLoginDate": "2018-12-17T08:02:00Z",
"successfulLoginCount": 2,
"lastFailedLoginDate": "2017-10-02T08:15:00Z",
"failedLoginCount": 1,
"created": "2017-08-17T00:00:00Z",
"lastModified": "2018-04-21T10:26:00Z",
"modificationComment": "comment",
"validity": {
"from": "2017-08-17T00:00:00Z",
"to": "2027-08-17T00:00:00Z"
},
"version": 3
}